CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6525 matches found

IBM Security Bulletins•added 2020/04/03 6:1 a.m.•43 views

Security Bulletin: A CSRF vulnerability in Pivotal Spring Framework affects IBM LKS Administration & Reporting Tool

Summary A CSRF related vulnerability in HTTP response has been found in Pivotal Spring Framework used by IBM LKS Administration & Reporting Tool ART. A mitigiation has been included in the latest ART release. Vulnerability Details Refer to the security bulletinss listed in the Remediation/Fixes...

5.3CVSS0.6AI score0.00855EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2020/04/02 4:33 p.m.•10 views

Security Bulletin: A Response Header related vulnerability in Pivotal Spring Framework affects IBM LKS Administration & Reporting Tool

Summary A "Content-Description" header related vulnerability in HTTP response has been found in Pivotal Spring Framework used by IBM LKS Administration & Reporting Tool ART. A mitigiation has been included in the latest ART release. Vulnerability Details Refer to the security bulletins listed in...

1.1AI score

Exploits0Affected Software1

Veracode•added 2020/03/30 6:1 a.m.•8 views

Cross-Site Request Forgery (CSRF)

spring-security-web is vulnerable to cross-site forgery request CSRF. A remote attacker is able to submit requests to the SwitchUserFilter on behalf of the authenticated user by tricking the user into visiting a malicious web page. This vulnerability exists as the application accepts all HTTP...

1.1AI score

Exploits0

RedHat Linux•added 2020/03/26 3:46 p.m.•1 views

spring-security-core: mishandling of user passwords allows logging in with a password of NULL

A flaw was found in Spring Security in several versions, in the use of plain text passwords using the PlaintextPasswordEncoder. If an application is using an affected version of Spring Security with the PlaintextPasswordEncoder and a user has a null encoded password, an attacker can use this flaw...

7.5CVSS5.8AI score0.00407EPSS

Exploits0References5

RedHat Linux•added 2020/03/26 3:46 p.m.•1 views

springframework: DoS Attack via Range Requests

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

7.5CVSS7.2AI score0.20127EPSS

Exploits0References5

RedHat Linux•added 2020/03/26 3:46 p.m.•120 views

Important: Red Hat Security Advisory: Red Hat Fuse 7.6.0 security update

A minor version update from 7.5 to 7.6 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

9.8CVSS7.8AI score0.70524EPSS

Exploits8References27

RedHat Linux•added 2020/03/26 3:46 p.m.•1 views

spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted...

5.3CVSS5.7AI score0.00243EPSS

Exploits0References5