Security Bulletin: Vulnerability in [All] Spring Framework - CVE-2021-22060 (Publicly disclosed vulnerability) impacts IBM Watson Machine Learning Accelerator

Summary Spring Framework is used IBM Watson Machine Learning Accelerator. This bulletin provides mitigations for the addressable vulnerability CVE-2021-22060 by upgrading addressable to latest version. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

Vulnerability Profile Spring Cloud Gateway is a brand new pro...

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

Vulnerability Profile Spring Cloud Gateway is a brand new pro...

Path Traversal in Spring-integration-zip

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal filenames. So...

com.farao-community.farao:gridcapa-data-bridge (>=1.0.0 <=1.3.2), com.pleosoft.pleodox:pleodox-core (>=1.0.0-RELEASE <=1.0.2-RELEASE) potentially affected by CVE-2021-22114 via org.springframework.integration:spring-integration-zip (>=1.0.2.RELEASE <=1.0.3.RELEASE)

org.springframework.integration:spring-integration-zip MAVEN version =1.0.2.RELEASE, =1.0.0, =1.0.0-RELEASE, =1.0.2-RELEASE Source cves: CVE-2021-22114 Source advisory: OSV:GHSA-VW83-H3MQ-3QWJ...

GHSA-VW83-H3MQ-3QWJ Path Traversal in Spring-integration-zip

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal filenames. So...

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

CVE-2022-22947 pocsuite -r CVE-2022-22947POCEXP.py -u url --...

ai.h2o:h2o-clustering (>=3.32.1.1 <=3.44.0.2), ai.h2o:h2o-k8s (>=3.30.0.2 <=3.44.0.2) +211 more potentially affected by CVE-2022-21230 via org.nanohttpd:nanohttpd (>=2.2.0 <=2.3.1)

org.nanohttpd:nanohttpd MAVEN version =2.2.0, =3.32.1.1, =3.30.0.2, =3.34.0.3, =1.0.0, =1.0.0, =1.0.0, =3.8, =1.0, =1.1, =0.2.22, =0.2.22, =0.4.15 and more Source cves: CVE-2022-21230 Source advisory: SNYK:JAVA-ORGNANOHTTPD-2422798...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

CVE-2021-44228 !Dockerfilehttps://github.com/ahmad4fifz/C...

cc.cc4414:cc-spring-cloud-starter (>=0.3.0 <=0.8.0), cc.cc4414:cc-spring-cloud-starter-gateway (>=0.5.0 <=0.8.0) +902 more potentially affected by CVE-2021-44667 via com.alibaba.nacos:nacos-common (>=0.1.0 <=1.4.4)

com.alibaba.nacos:nacos-common MAVEN version =0.1.0, =0.3.0, =0.5.0, =1.0.2, =1.0.0, =1.0.4.R, =1.1, =1.1, =1.0.0.RELEASE, =0.0.2, =0.0.2, =0.0.4.BETA, =1.0.0, =1.0.0, =2.1.0 and more Source cves: CVE-2021-44667 Source advisory: OSV:GHSA-4GR7-QW2Q-JXH6...

Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway

CVE-2022-22947-ex...

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

CVE-2022-22947-ex...

Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway

CVE-2022-22947-ex...

Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway

CVE-2022-22947 CVE-2022-22947EXP, CVE-2...

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

CVE-2022-22947 CVE-2022-22947EXP, CVE-2...

VMware Spring Cloud Gateway Detection (HTTP)

HTTP based detection of VMware Spring Cloud Gateway. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

VMware Spring Cloud Gateway < 3.0.7, 3.1.x < 3.1.1 RCE Vulnerability - Active Check

VMware Spring Cloud Gateway is prone to a remote code execution RCE vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

cve-2022-22947 Spring Cloud Gateway is an API gateway in Sp...

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

CVE-2022-22947 SpringCloudGatewayRCE Code by: Junsh...

Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway

CVE-2022-22947-Spring-Cloud-Gateway-SpelRCE Overview of CVE...