7085 matches found

OSV
added 2023/12/22 8:56 p.m. | 24 views

CVE-2023-51650 Unauthorized access vulnerability on three interfaces

Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue...

CVSS 7.5 | AI score 7.5 | EPSS 0.00466
Exploits: 1 | References: 4

BDU FSTEC
added 2023/12/22 12:0 a.m. | 2 views

The vulnerability of the Spring Boot web application framework, related to improper resource cleanup or release, allows attackers to trigger service failures.

The vulnerability of the Spring Boot web application framework lies in improper resource cleanup or release mechanisms. Exploiting this vulnerability allows an attacker to trigger a service failure through a specially crafted HTTP request...

CVSS 6.8 | AI score 6.9 | EPSS 0.00282
Exploits: 0 | References: 2 | Affected Software: 2

CNNVD
added 2023/12/22 12:0 a.m. | 4 views

Hertzbeat Security Vulnerabilities

Hertzbeat is an open source real-time monitoring system from the dromara organization. A security vulnerability exists in Hertzbeat versions prior to 1.4.1 that stems from a misconfiguration of Spring Boot permissions, resulting in unauthorized access vulnerabilities in three interfaces...

CVSS 7.5 | AI score 6.5 | EPSS 0.00466
Exploits: 1 | References: 3

Positive Technologies
added 2023/12/22 12:0 a.m. | 3 views

PT-2023-31868 · Hertzbeat · Hertzbeat

Name of the Vulnerable Software and Affected Versions: Hertzbeat versions prior to 1.4.1 Description: Hertzbeat is an open source, real-time monitoring system. Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces, potentially resulting in the...

CVSS 7.5 | AI score 7.2 | EPSS 0.00466
Exploits: 1 | References: 8

IBM Security Bulletins
added 2023/12/20 2:34 p.m. | 44 views

Security Bulletin: IBM Security Guardium is affected by a multiple vulnerabilities (CVE-2023-39975, CVE-2023-34042)

Summary IBM Security Guardium has fixed these vulnerabilities Vulnerability Details CVEID:CVE-2023-39975 DESCRIPTION: MIT Kerberos 5 aka krb5 is vulnerable to a denial of service, caused by a double free in KDC TGS processing. By sending a specially crafted request, a remote authenticated attacke...

CVSS 8.8 | AI score 7.1 | EPSS 0.01306
Exploits: 0 | Affected Software: 1

Spring Engineering
added 2023/12/19 12:0 a.m. | 8 views

This Week in Spring - December 19th, 2023

Hi, Spring fans! Welcome to another oh-so-festive edition of This Week in Spring! the Spring Authorization Server 1.2.1, 1.1.14, and 0.4.5, are now available Spring AMQP 3.1.1 is now available Spring Security 5.8.9, 6.1.6, 6.2.1 are now available Spring for Apache Kafka 3.1.1 is now available...

AI score 7.1
Exploits: 0

IBM Security Bulletins
added 2023/12/15 2:52 p.m. | 28 views

Security Bulletin: Vulnerability in Spring Security affects IBM Process Mining CVE-2023-34042

Summary There is a vulnerability in Spring Security that could allow a local authenticated attacker to bypass security restrictions on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

CVSS 5.5 | AI score 5.2 | EPSS 0.00043
Exploits: 0 | Affected Software: 1

vulnersOsv
added 2023/12/15 9:30 a.m. | 3 views

org.apache.dubbo:dubbo-spring-boot-actuator (=3.1.5), org.apache.dubbo:dubbo-spring-boot-actuator-compatible (=3.1.5) +5 more potentially affected by CVE-2023-46279 via org.apache.dubbo:dubbo (=3.1.5)

org.apache.dubbo:dubbo MAVEN version =3.1.5 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.dubbo:dubbo and may be impacted: - org.apache.dubbo:dubbo-spring-boot-actuator =3.1.5 - org.apache.dubbo:dubbo-spring-boot-actuator-compatible =3.1.5...

CVSS 9.8 | AI score 7.2 | EPSS 0.01492
Exploits: 0

vulnersOsv
added 2023/12/14 6:30 p.m. | 2 views

cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-50101 via com.jfinal:jfinal (>=1.4 <=5.0.0)

com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-50101 Source advisory: OSV:GHSA-M3P6-43XJ-PF9V...

CVSS 5.4 | AI score 6 | EPSS 0.00193
Exploits: 1

RedHat Linux
added 2023/12/14 3:54 p.m. | 30 views

Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.20.4 release and security update

Red Hat Integration Camel for Spring Boot 3.20.4 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVSS 7.5 | AI score 6.6 | EPSS 0.00677
Exploits: 1 | References: 3

RedHat Linux
added 2023/12/14 10:50 a.m. | 33 views

Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 4.0.2 release security update

Red Hat Integration Camel for Spring Boot 4.0.2 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

CVSS 7.5 | AI score 6.6 | EPSS 0.00677
Exploits: 1 | References: 3

vulnersOsv
added 2023/12/13 1:33 p.m. | 1 view

com.sap.cds:cds-starter-cloudfoundry (>=2.0.1 <=2.4.0), com.sap.cds:cds-starter-k8s (>=2.0.1 <=2.4.0) +2 more potentially affected by CVE-2023-50422 +1 more via com.sap.cloud.security.xsuaa:spring-xsuaa (>=3.0.0 <=3.2.1)

com.sap.cloud.security.xsuaa:spring-xsuaa MAVEN version =3.0.0, =2.0.1, =2.0.1, =3.0.0, =3.0.0, =3.2.1 Source cves: CVE-2023-50422, CVE-2023-50424 Source advisory: OSV:GHSA-59C9-PXQ8-9C73...

CVSS 9.8 | AI score 7.2 | EPSS 0.00538
Exploits: 0

vulnersOsv
added 2023/12/13 1:33 p.m. | 2 views

com.sap.cds:cds-starter-cloudfoundry (>=1.19.0 <=1.34.7), com.sap.cds:cds-starter-k8s (>=1.34.0 <=1.34.7) +4 more potentially affected by CVE-2023-50422 +1 more via com.sap.cloud.security.xsuaa:spring-xsuaa (>=1.3.0 <=2.16.0)

com.sap.cloud.security.xsuaa:spring-xsuaa MAVEN version =1.3.0, =1.19.0, =1.34.0, =2.11.16, =2.10.0, =1.3.0, =1.6.0, =2.16.0 Source cves: CVE-2023-50422, CVE-2023-50424 Source advisory: OSV:GHSA-59C9-PXQ8-9C73...

CVSS 9.8 | AI score 7.2 | EPSS 0.00538
Exploits: 0

vulnersOsv
added 2023/12/13 1:33 p.m. | 2 views

com.sap.cds:cds-starter-cloudfoundry (>=2.2.0 <=2.4.0), com.sap.cds:cds-starter-k8s (>=2.2.0 <=2.4.0) +5 more potentially affected by CVE-2023-50422 +1 more via com.sap.cloud.security:spring-security (>=3.0.0 <=3.2.1)

com.sap.cloud.security:spring-security MAVEN version =3.0.0, =2.2.0, =2.2.0, =1.0.4, =3.0.0, =2.0.0, =2.0.0, =2.0.0, =2.4.0 Source cves: CVE-2023-50422, CVE-2023-50424 Source advisory: OSV:GHSA-59C9-PXQ8-9C73...

CVSS 9.8 | AI score 7.2 | EPSS 0.00538
Exploits: 0

vulnersOsv
added 2023/12/13 1:33 p.m. | 1 view

com.sap.cloud.security:resourceserver-security-spring-boot-starter (>=0.1.0 <=2.16.0) potentially affected by CVE-2023-50422 +1 more via com.sap.cloud.security:spring-security (>=0.1.0 <=2.16.0)

com.sap.cloud.security:spring-security MAVEN version =0.1.0, =0.1.0, =2.16.0 Source cves: CVE-2023-50422, CVE-2023-50424 Source advisory: OSV:GHSA-59C9-PXQ8-9C73...

CVSS 9.8 | AI score 7.2 | EPSS 0.00538
Exploits: 0

OpenVAS
added 2023/12/13 12:0 a.m. | 40 views

VMware Spring Framework RCE Vulnerability (Spring4Shell, SpringShell) - Active Check

The VMware Spring Framework is prone to a remote code execution RCE vulnerability dubbed SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 9.8 | AI score 10 | EPSS 0.94439
Exploits: 100 | References: 16

CNNVD
added 2023/12/13 12:0 a.m. | 2 views

IceCMS Security Vulnerability

IceCMS is a content management system based on Spring Boot + Vue front-end and back-end separation by NgShow individual developers. A security vulnerability exists in IceCMS version 2.0.1, which originates from the presence of an unknown part of /WebResource/resource in the Love Handler component...

CVSS 7.5 | AI score 6.7 | EPSS 0.00177
Exploits: 1 | References: 4

CNNVD
added 2023/12/13 12:0 a.m. | 2 views

IceCMS Information Disclosure Vulnerability

IceCMS is a content management system based on Spring Boot + Vue front-end and back-end separation of NgShow individual developers. An information leakage vulnerability exists in IceCMS version 2.0.1, which originates from the presence of an unknown function in /adplanet/PlanetUser in the API...

CVSS 6.5 | AI score 6.5 | EPSS 0.0026
Exploits: 1 | References: 4

IBM Security Bulletins
added 2023/12/12 5:56 p.m. | 45 views

Security Bulletin: IBM Automation Decision Services November 2023 - Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-46233 DESCRIPTION: Brix crypto-js could...

CVSS 9.8 | AI score 8.9 | EPSS 0.49149
Exploits: 6 | Affected Software: 1

Spring Engineering
added 2023/12/12 12:0 a.m. | 8 views

This Week in Spring - December 12th, 2023

Hi, Spring fans! Welcome to a new installment of This Week in Spring! We've got a ton of stuff to get into, so let's dive right in! Laur Spilca and I look at how to upgrade a Spring Security 5.x application to Spring Security 6.x. Apache SkyWalking with Sheng Wu and Apache ShardingSphere with...

AI score 7.1
Exploits: 0