Lucene search
6883 matches found

IBM Security Bulletins
added 2023/07/12 9:33 p.m. | 47 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restriction bypass in VMware Tanzu Spring Boot (CVE-2023-20873)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restriction bypass in VMware Tanzu Spring Boot, caused by a flaw with wildcard pattern matching when deployed on Cloud Foundry CVE-2023-20873. VMware Tanzu Spring Boot is used as part of our Speech...

9.8 CVSS | 9.2 AI score | 0.00446 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2023/07/12 9:32 p.m. | 32 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in VMware Tanzu Spring Framework (CVE-2023-20863)

Summary Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in VMware Tanzu Spring Boot, caused by improper input validation CVE-2023-20863. VMware Tanzu Spring Framework is used as part of our Speech Service microservices. This...

6.5 CVSS | 6.4 AI score | 0.01066 EPSS
Exploits: 0 | Affected Software: 1

Packet Storm
added 2023/07/12 12:0 a.m. | 414 views

Spring Cloud 3.2.2 Remote Command Execution

Exploit Title: Spring Cloud 3.2.2 - Remote Command Execution RCE Date: 07/07/2023 Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://spring.io/projects/spring-cloud-function/ Description: Exploit to execute commands exploiting CVE-2022-22963 Software Link:...

9.8 CVSS | 7.1 AI score | 0.94462 EPSS
Exploits: 36

CNNVD
added 2023/07/12 12:0 a.m. | 3 views

Apache Ambari Security Vulnerability

Apache Ambari is an application from the Apache USA Foundation. It provides software developed to configure, manage and monitor Apache Hadoop clusters to simplify Hadoop management. A security vulnerability exists in Apache Ambari versions 2.7.0 through 2.7.6, which originates from a SpringEL...

8.8 CVSS | 8.3 AI score | 0.00217 EPSS
Exploits: 0 | References: 2

CNNVD
added 2023/07/12 12:0 a.m. | 4 views

Apache Ambari Security Vulnerability

Apache Ambari is an application from the Apache USA Foundation. Provides software developed to configure, manage and monitor Apache Hadoop clusters to simplify Hadoop management. A security vulnerability exists in Apache Ambari, which originates from a SpringEL injection in the metrics source and...

8.8 CVSS | 8.3 AI score | 0.00217 EPSS
Exploits: 0 | References: 2

Spring Engineering
added 2023/07/11 12:0 a.m. | 11 views

Azure Spring Apps Enterprise – More Power, Scalability & Extended Spring Boot Support

Can you believe Spring is celebrating its 20th anniversary this year? We could not have gotten here without our millions of Spring developers across the globe, thank you! Spring has been an essential tool for Java developers, and it continues to grow and innovate at a fast pace. From the onset,...

6.5 AI score
Exploits: 0

Spring Engineering
added 2023/07/11 12:0 a.m. | 17 views

This Week in Spring - July 11th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in yummy, sunny Jakarta, Indonesia at the moment, preparing for a week of meetings and the SpringOne Tour Indonesia event later this week. I'll also be speaking in Kuala Lumpur, Malaysia on July 20th, 2023. If you're in...

7 AI score
Exploits: 0

0day.today
added 2023/07/11 12:0 a.m. | 335 views

Spring Cloud 3.2.2 - Remote Command Execution Exploit

Exploit Title: Spring Cloud 3.2.2 - Remote Command Execution RCE Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://spring.io/projects/spring-cloud-function/ Description: Exploit to execute commands exploiting CVE-2022-22963 Software Link:...

9.8 CVSS | 7.1 AI score | 0.94462 EPSS
Exploits: 36

Exploit DB
added 2023/07/11 12:0 a.m. | 219 views

Spring Cloud 3.2.2 - Remote Command Execution (RCE)

Exploit Title: Spring Cloud 3.2.2 - Remote Command Execution RCE Date: 07/07/2023 Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://spring.io/projects/spring-cloud-function/ Description: Exploit to execute commands exploiting CVE-2022-22963 Software Link:...

9.8 CVSS | 7 AI score | 0.94462 EPSS
Exploits: 36

IBM Security Bulletins
added 2023/07/06 6:7 p.m. | 35 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to VMware Tanzu Spring Framework security bypass and denial of service vulnerabilities [CVE-2023-20860, CVE-2023-20861]

Summary Potential VMware Tanzu Spring Framework security bypass and denial of service vulnerabilities have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. CVE-2023-20860,...

7.5 CVSS | 7.5 AI score | 0.56284 EPSS
Exploits: 1 | Affected Software: 1

Spring Engineering
added 2023/07/06 12:0 a.m. | 11 views

A Bootiful Podcast: JetBrains' Anton Arhipov on IntelliJ, Java, and so much more

Hi, Spring fans! Welcome to another installment of A Bootiful Podcast! This week Josh Long talks to JetBrains' developer advocate Anton Arhipov, recorded live from the amazing Spring IO show in Barcelona, Spain!...

6.8 AI score
Exploits: 0

Spring Engineering
added 2023/07/05 12:0 a.m. | 61 views

Active Health Check strategies with Spring Cloud Gateway

Active health check strategies with Spring Cloud Gateway Nowadays, applications are built as a collection of small independent upstream services. This accelerates development and allows modules to be focused on specific responsibilities, increasing their quality. This is one of the main advantage...

6.8 AI score
Exploits: 0

Spring Engineering
added 2023/07/04 12:0 a.m. | 13 views

This Week in Spring - July 4th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! This week I am in sweltering, but lovely, Singapore, where I'm meeting with customers and just finished presenting at the SpringOne Tour Singapore stop. If you're in Singapore, I hope you'll join me tonight for Bootiful Sprin...

6.5 AI score
Exploits: 0

IBM Security Bulletins
added 2023/07/03 7:55 p.m. | 32 views

Security Bulletin: Vulnerability in Spring Framework affects IBM Process Mining [CVE-2016-1000027]

Summary There is a vulnerability in Spring Framework that could allow a remote attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. CVE-2016-1000027 Vulnerability Details...

9.8 CVSS | 9.7 AI score | 0.60417 EPSS
Exploits: 4 | Affected Software: 1

Spring Engineering
added 2023/07/02 12:0 a.m. | 10 views

Building intelligent Spring Apps with Azure OpenAI

Note from Josh: Hi, Spring fans! I wanted to cross post this article looking at using Spring and Azure OpenAI from Microsoft's Sean Li because it's interesting: enjoy! Integrating cutting-edge artificial intelligence into apps has become a new trend in today's technological landscape. Spring is t...

6.6 AI score
Exploits: 0

IBM Security Bulletins
added 2023/06/30 3:27 p.m. | 36 views

Security Bulletin: IBM OpenPages for IBM Cloud Pak for Data is Vulnerable to Spring Web Unsafe Deserialization [CVE-2016-1000027]

Summary There is a vulnerability in the Spring Web open source library used by IBM OpenPages for IBM Cloud Pak for Data. This vulnerability has been addressed. CVE-2016-1000027 Vulnerability Details CVEID:CVE-2016-1000027 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to execu...

9.8 CVSS | 9.6 AI score | 0.60417 EPSS
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
added 2023/06/30 1:49 p.m. | 34 views

Security Bulletin: IBM Watson Explorer is affected by vulnerabilities in Spring Framework

Summary IBM Watson Explorer contains a vulnerable version of Spring Framework. Vulnerability Details CVEID:CVE-2023-20863 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted SpEL expression, a remote...

6.5 CVSS | 7.1 AI score | 0.01066 EPSS
Exploits: 1 | Affected Software: 1

RedHat Linux
added 2023/06/29 8:7 p.m. | 3 views

springframework: Spring Expression DoS Vulnerability

A flaw was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service DoS...

6.5 CVSS | 7.1 AI score | 0.00542 EPSS
Exploits: 1 | References: 5

RedHat Linux
added 2023/06/29 8:7 p.m. | 48 views

Critical: Red Hat Security Advisory: Red Hat Fuse 7.12 release and security update

A minor version update from 7.11 to 7.12 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring...

9.8 CVSS | 7.2 AI score | 0.56284 EPSS
Exploits: 17 | References: 32

RedHat Linux
added 2023/06/29 8:7 p.m. | 2 views

spring-boot: Spring Boot Welcome Page DoS Vulnerability

A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed...

7.5 CVSS | 7.3 AI score | 0.0069 EPSS
Exploits: 0 | References: 4