4 matches found

IBM Security Bulletins
added 2023/09/26 6:30 p.m. | 44 views

Security Bulletin: VMware Tanzu Spring Security is vulnerable to CVE-2023-34034 and CVE-2023-34035 used in IBM Maximo Application Suite - Monitor Component

Summary: IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Security which is vulnerable to CVE-2023-34034 and CVE-2023-34035. The vulnerabilities in the product component have been addressed. Vulnerability Details: CVEID: CVE-2023-34034 DESCRIPTION: VMware Tanzu Spring Securi...

CVSS 9.8 | AI score 7.7 | EPSS 0.03465
Exploits: 2 | Affected Software: 1

Veracode
added 2023/07/21 2:37 a.m. | 33 views

Authorization Rule Misconfiguration

spring-security-config is vulnerable to Authorization Rule Misconfiguration. The vulnerability exists due to the lack of validation in the RequestMatcher of AbstractRequestMatcherRegistry.java when the application uses the requestMatchers(String) function with multiple servlets, one of them being...

CVSS 7.3 | AI score 6.9 | EPSS 0.00568
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2023/07/18 4:15 p.m. | 32 views

CVE-2023-34035

Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s DispatcherServlet. DispatcherServlet is a Spring...

CVSS 5.3 | AI score 7 | EPSS 0.00568
Exploits: 1 | References: 1

Cvelist
added 2023/07/18 3:29 p.m. | 31 views

CVE-2023-34035

Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s DispatcherServlet. DispatcherServlet is a Spring...

CVSS 7.3 | AI score 7.4 | EPSS 0.00568
Exploits: 1 | References: 1