Security Bulletin: IBM Sterling B2B Integrator is affected by a remote code execution in Spring Framework (CVE-2022-22965)
Summary IBM Sterling B2B Integrator is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spri...
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Log4j 1.x
Summary IBM Data Risk Manager IDRM 2.0.6.13, which is the only supported version, is impacted by multiple vulnerabilities including Apache Log4j 1.x CVE-2019-17571, CVE-2022-23305, CVE-2022-23307, CVE-2022-23302, CVE-2021-4104, CVE-2020-9488, CVE-2020-9493 which was bundled within hadoop-client...
Exploit for Code Injection in Vmware Spring_Cloud_Gateway
CVE-2022-22947 Introduction to CVE-2022-22947 The Spring C...
This Week in Spring - August 1st, 2022
Aloha, Spring fans! Welcome to another installment of This Week in Spring! I'm still on vacation on the beautiful island of Maui, Hawaii, but I wanted to say hello "aloha!" and share this week's latest roundup of all that's good and glorious in the wide and wonderful world of Springdom. Funny thing,...
How to integrate Hibernate's Multitenant feature with Spring Data JPA in a Spring Boot application
For quite some time now, Hibernate has offered a Multitenant feature. It integrates nicely with Spring, but there is not much information about how to actually set it up, so I thought an example or two or three could help. There is already an excellent blog article, but it is a little dated and i...
VMware Spring Cloud Gateway 3.0 < 3.0.7 / 3.1 < 3.1.1 Code Injection
The version of Spring Cloud Gateway running on the remote host is affected by a code injection vulnerability. Applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request tha...
VMware Spring Cloud Config 2.1 < 2.1.9 / 2.2 < 2.2.3 Directory Traversal
The version of Spring Cloud Config running on the remote host is affected by a directory traversal vulnerability. Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the...
Security Bulletin: Sterling Order Management and Spring vulnerability CVE-2022-22963
Abstract Is Sterling Order Management affected by Spring vulnerability CVE-2022-22963? Content IBM is aware of a recently surfaced vulnerability CVE-2022-22963 and has evaluated whether any Sterling Order Management applications are affected. The following is a summary of our evaluation: Componen...
Spring Authorization Server Is Going 1.0
We are excited to announce that we've started preparing for Spring Authorization Server 1.0 with plans to release the GA version in November 2022. It has been just over two years since we initially announced this new project, and we have come a long way since its initial development. The project h...
This Week in Spring - July 26th, 2022
Aloha, Spring fans! I'm on vacation, reporting to you from the paradise-like island of Maui, Hawaii, and hoping that you're having a wonderful day! My family and I love Hawaii. It's brimming with beauty and serenity, and while the island of Maui, in the state of Hawaii, is very small, the islands ar...
VMware Spring Cloud Config Installed
Binary data vmwarespringcloudconfiginstalled.nbin...
VMware Spring Cloud Gateway Installed
Binary data vmwarespringcloudgatewayinstalled.nbin...
Security Bulletin: IBM Common Licensing is vulnerable by a remote code attack in Spring Framework and Apache Commons(CVE-2022-22970,CVE-2022-22971,CVE-2022-33980)
Summary IBM Common Licensing is vulnerable to a remote code execution in Spring Framework CVE-2022-22970,CVE-2022-22971 as it does have Spring Framework versions 5.3.0 to 5.3.20, 5.2.0 to 5.2.22, and older versions. IBM Common Licensing is vulnerable to a remote code execution in Apache Commons...
Hardcoded JWT Token in Lin CMS Spring Boot
An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application...
GHSA-Q72P-4W56-HX7H Hardcoded JWT Token in Lin CMS Spring Boot
An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application...
CVE-2022-32430
An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application...
Design/Logic Flaw
An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application...
CVE-2022-32430
Lin CMS Spring Boot v0.2.1 has an access control flaw that allows unauthenticated attackers to access backend information and functions. The nuclei template and Red Hat/GHSA entries describe a hardcoded/default JWT token scenario enabling unauthorized access, potentially compromising backend admi...