
6525 matches found

Cvelist
added 2020/01/02 2:28 p.m. · 19 views

CVE-2019-10158

A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling...

CVSS 5.4 · AI score 9.5 · EPSS 0.00509
Exploits 0 · References 4
CVE
added 2020/01/02 2:28 p.m. · 119 views

CVE-2019-10158

Infinispan (up to 9.4.14.Final) is affected by an improper implementation of the session fixation protection in the Spring Session integration, leading to incorrect session handling. This vulnerability is documented as CVE-2019-10158. Red Hat's advisory confirms the issue and provides the remedia...

CVSS 9.8 · AI score 9.3 · EPSS 0.00509
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2020/01/02 12:00 a.m. · 2 views

PT-2020-9052 · Red Hat · Infinispan

Name of the Vulnerable Software and Affected Versions: Infinispan versions prior to 9.4.14.Final
Description: A flaw was found in the improper implementation of the session fixation protection in the Spring Session integration, which can result in incorrect session handling.
Recommendations: For...

CVSS 9.8 · AI score 5.7 · EPSS 0.00509
Exploits 0 · References 12
Cvelist
added 2020/01/02 12:00 a.m. · 29 views

CVE-2016-1000027

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. NOTE: the vendor's...

AI score 9.9 · EPSS 0.60417
Exploits 4 · References 9
CVE
added 2020/01/02 12:00 a.m. · 549 views

CVE-2016-1000027

CVE-2016-1000027 involves remote code execution in Pivotal Spring Framework when deserializing untrusted data. Connected sources specify impact up to Spring Framework 5.3.16 (RCE via Java deserialization) and note that the vendor discourages untrusted-deserialization usage. Remediation guidance i...

CVSS 9.8 · AI score 9.8 · EPSS 0.60417
Exploits 4 · References 9 · Affected Software 1
Debian CVE
added 2020/01/02 12:00 a.m. · 136 views

CVE-2016-1000027

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. NOTE: the vendor's...

CVSS 9.8 · AI score 8.7 · EPSS 0.60417
Exploits 4
CNVD
added 2020/01/02 12:00 a.m. · 5 views

Pivotal Software Spring Framework Code Issue Vulnerability

Pivotal Software Spring Framework is the open source Java/JavaEE application framework of the U.S. company Pivotal Software. The framework helps developers build high-quality applications. A code issue vulnerability exists in Pivotal Software Spring Framework version 4.1.4, which can be exploited by ...

CVSS 9.8 · AI score 7.7 · EPSS 0.60417
Exploits 4 · References 1
RedHat Linux
added 2019/12/02 4:24 p.m. · 1 view

infinispan: Session fixation protection broken for Spring Session integration

A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling...

CVSS 9.8 · AI score 5.7 · EPSS 0.00509
Exploits 0 · References 4
Tenable Nessus
added 2019/10/16 12:00 a.m. · 54 views

Oracle GoldenGate for Big Data 12.3.1.1.x < 12.3.1.1.6 / 12.3.2.1.x < 12.3.2.1.5 Spring Framework DoS (Oct 2019 CPU)

According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote host is 12.3.1.1.x less than 12.3.1.1.6 or 12.3.2.1.x less than 12.3.2.1.5. It is, therefore, affected by a denial of service (DoS) vulnerability. This vulnerability is due to its use...

CVSS 7.5 · AI score 7.4 · EPSS 0.20127
Exploits 0 · References 2
RedhatCVE
added 2019/10/12 1:22 a.m. · 106 views

CVE-2018-1273

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

CVSS 9.8 · AI score 4.3 · EPSS 0.94284
Exploits 9 · References 2
RedhatCVE
added 2019/10/11 6:16 p.m. · 24 views

CVE-2019-11272

A flaw was found in Spring Security in several versions, in the use of plain text passwords using the PlaintextPasswordEncoder. If an application is using an affected version of Spring Security with the PlaintextPasswordEncoder and a user has a null encoded password, an attacker can use this flaw...

CVSS 7.5 · AI score 2.8 · EPSS 0.00407
Exploits 0 · References 3
RedhatCVE
added 2019/10/08 3:56 a.m. · 40 views

CVE-2018-1272

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When a Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a...

CVSS 7.5 · AI score 2.6 · EPSS 0.02166
Exploits 0 · References 2
Tenable Nessus
added 2019/10/02 12:00 a.m. · 385 views

Spring Framework < 4.3.16 / 5.0.x < 5.0.5 Remote Code Execution with spring-messaging (CVE-2018-1270)

The remote host contains a Spring Framework library version that is 4.3.x prior to 4.3.16 or 5.0.x prior to 5.0.5. It is, therefore, affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this by sending a specially crafted message to the broker that can...

CVSS 9.8 · AI score 8.7 · EPSS 0.89954
Exploits 5 · References 2
CNVD
added 2019/09/05 12:00 a.m. · 1 view

XSS Vulnerability in Huaxia ERP System

Huaxia ERP, based on the SpringBoot framework and the SaaS model, aspires to provide small and medium-sized enterprises with good open source ERP software, currently focusing on sales and inventory plus financial functions. Huaxia ERP system has an XSS vulnerability that can be exploited by attackers to...

AI score 6.3
Exploits 0
CNVD
added 2019/08/27 12:00 a.m. · 1 view

Spring Cloud eureka suffers from an information disclosure vulnerability

Spring Cloud is currently one of the mainstream frameworks used for the development of microservices. In Spring Cloud you can use the Eureka module to realize service registration and discovery; Spring Cloud Eureka is a secondary packaging of Netflix Eureka, which is mainly...

AI score 6.4
Exploits 0
Prion
added 2019/08/19 3:15 p.m. · 14 views

Design/Logic Flaw

Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2.4.12, 2.5.x prior to 2.5.8, and 2.6.x prior to 2.6.3, makes a request to the /cloudapplication endpoint via Spring actuator, and subsequent requests via unsecured http. An adjacent...

CVSS 4.8 · AI score 5.5 · EPSS 0.00046
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2019/08/19 2:49 p.m. · 12 views

CVE-2019-11276 Apps Manager sends tokens to Spring apps via HTTP

Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2.4.12, 2.5.x prior to 2.5.8, and 2.6.x prior to 2.6.3, makes a request to the /cloudapplication endpoint via Spring actuator, and subsequent requests via unsecured http. An adjacent...

CVSS 5.4 · AI score 5.6 · EPSS 0.00046
Exploits 0 · References 1
RedHat Linux
added 2019/08/08 10:08 a.m. · 2 views

spring-security-oauth: Privilege escalation by manipulating saved authorization request

Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...

CVSS 9.6 · AI score 5.8 · EPSS 0.00326
Exploits 0 · References 5
RedHat Linux
added 2019/08/08 10:08 a.m. · 0 views

spring-security-core: Unauthorized Access with Spring Security Method Security

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted...

CVSS 8.8 · AI score 7.2 · EPSS 0.00265
Exploits 0 · References 4
RedHat Linux
added 2019/08/08 10:08 a.m. · 153 views

Important: Red Hat Security Advisory: Red Hat Fuse 7.4.0 security update

A minor version update from 7.3 to 7.4 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

CVSS 9.8 · AI score 7.9 · EPSS 0.93545
Exploits 2 · References 11