6525 matches found
CVE-2020-17523
In Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass...
Important: Red Hat Security Advisory: Red Hat support for Spring Boot 2.3.6 security update
An update is now available for Red Hat support for Spring Boot. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more...
CVE-2020-17523
A flaw was found in Apache Shiro. When using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. The highest threat from this vulnerability is to data confidentiality, integrity as well as system availability...
Exploit for Deserialization of Untrusted Data in VMware Spring_Framework
PoC for CVE-2016-1000027 This is a demo Spring Boot applicat...
SQL Injection
spring-cloud-task-core is vulnerable to SQL injection. Lack of validation of the value that is passed via a PageRequest into the JdbcTaskExecutionDao potentially allows for execution of arbitrary SQL statements...
Oracle MySQL Enterprise Monitor Multiple Vulnerabilities (Jan 2021 CPU)
MySQL Enterprise Monitor installed on the remote host is 8.0.x prior to 8.0.23. Therefore, it's affected by multiple vulnerabilities as referenced in the January 2021 CPU advisory. - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL component: Service Manager Apache Commons...
CVE-2020-5427
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5 and versions 2.5.x prior to 2.5.4, an application is vulnerable to SQL injection when requesting task execution...
CVE-2020-5428
Applications using Spring Cloud Task 2.2.4.RELEASE and below may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer...
SQL injection
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5 and versions 2.5.x prior to 2.5.4, an application is vulnerable to SQL injection when requesting task execution...
SQL injection
Applications using Spring Cloud Task 2.2.4.RELEASE and below may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer...
CVE-2020-5428 Possibility of SQL Injection in Spring Cloud Task Execution Sorting Query
Applications using Spring Cloud Task 2.2.4.RELEASE and below may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer...
CVE-2020-5428
Summary: CVE-2020-5428 affects Spring Cloud Task 2.2.4.RELEASE and earlier, with a reported SQL injection in the TaskExplorer lookup queries. The root cause is described as insufficient input validation in the PageRequest value used by JdbcTaskExecutionDao, potentially allowing arbitrary SQL exec...
CVE-2020-5427 Possibility of SQL Injection in Spring Cloud Data Flow Task Execution Sorting Query
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5 and versions 2.5.x prior to 2.5.4, an application is vulnerable to SQL injection when requesting task execution...
CVE-2020-5427
Spring Cloud Data Flow is affected by CVE-2020-5427 in versions 2.6.x prior to 2.6.5 and 2.5.x prior to 2.5.4, where the task execution sorting query is vulnerable to SQL injection. The issue stems from the vulnerable SQL path when requesting task execution. Remediation is to upgrade to version 2...
Security Bulletin: Spring Framework as used by IBM QRadar SIEM is vulnerable to improper input validation (CVE-2020-5421)
Summary: Spring Framework as used by IBM QRadar SIEM is vulnerable to improper input validation. Vulnerability Details: CVEID: CVE-2020-5421. DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by improper input validation. By using a...
VMware Spring Cloud Task Application Starters SQL Injection Vulnerability
VMware Spring Cloud Task Application Starters is a codebase for managing and executing scheduled tasks from VMware USA. The application runs as a standalone Spring Boot application and supports operations such as database migration, machine learning, and scheduled... A SQL injection vulnerability...
PT-2021-12401 · Spring · Spring Cloud Data Flow
Name of the Vulnerable Software and Affected Versions: Spring Cloud Data Flow versions 2.5.x prior to 2.5.4; Spring Cloud Data Flow versions 2.6.x prior to 2.6.5. Description: The application is vulnerable to SQL injection when requesting task execution. Recommendations: For versions 2.5.x prior to...