Lucene search
K

13 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/05/13 2:58 p.m.116 views

Security Bulletin: Multiple Security Vulnerabilities in Spring Framework Affect IBM Sterling B2B Integrator

Summary IBM Sterling B2B Integrator has addressed multiple Spring Framework security vulnerabilites. Vulnerability Details CVEID:CVE-2013-4152 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection XXE error...

7.5CVSS6.8AI score0.91354EPSS
Exploits2Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/13 1:2 a.m.7 views

RPD:bmc-rpd (=1.1), aendter.jenkins.plugins:filesystem-list-parameter-plugin (>=0.0.1 <=0.0.6) +2797 more potentially affected by CVE-2014-0054 via org.springframework:spring-webmvc (>=1.2.1 <=3.2.7.RELEASE)

org.springframework:spring-webmvc MAVEN version =1.2.1, =0.0.1, =1.0, =0.0.20, =0.3.3, =1.0, =0.0.1, =0.1.0, =1.0.0, =0.2, =3.0.1, =4.0.0 and more Source cves: CVE-2014-0054 Source advisory: OSV:GHSA-8CMM-QJ8G-FCP6...

6.8CVSS7.2AI score0.91354EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.23 views

Mageia: Security Advisory (MGASA-2014-0155)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS8.5AI score0.91354EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:35 p.m.41 views

Security Bulletin: Pivotal Spring Framework vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM)

Summary Multiple vulnerabilities have been identified in the OpenSource/Pivotal Spring Framework version that is embeddded in IBM Tivoli Application Dependency Discovery Manager TADDM thus requiring an upgrade to Spring Framework version 3.2.13. Vulnerability Details CVEID: CVE-2014-3578...

6.8CVSS0.7AI score0.91354EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:50 p.m.48 views

Security Bulletin: Pivotal Spring Framework as used in IBM QRadar SIEM is vulnerable to various CVE's

Summary OpenSource Pivotal Spring Framework as used in IBM QRadar is susceptible to several vulnerabilities. Vulnerability Details CVEID: CVE-2013-7315 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection X...

6.8CVSS1.1AI score0.91354EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:50 p.m.43 views

Security Bulletin: OpenSource Spring Source/Pivotal Spring Framework Vulnerabilities affect IBM Security Guardium (CVE-2013-7315, CVE-2013-4152, CVE-2014-0054)

Summary Pivotal Spring Framework could allow a remote attacker to obtain sensitive information. Vulnerability Details CVEID: CVE-2013-7315 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection XXE error when...

6.8CVSS1.1AI score0.91354EPSS
Exploits2Affected Software1
OSV
OSV
added 2014/04/17 2:55 p.m.12 views

CVE-2014-0054

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML Extern...

5.7AI score
Exploits0References5
CVE
CVE
added 2014/04/17 2:0 p.m.133 views

CVE-2014-0054

CVE-2014-0054 is a XXE in Spring Framework’s Jaxb2RootElementHttpMessageConverter used by Spring MVC. Affected: Spring Framework before 3.2.8 and before 4.0.2 (specifically 4.0.0–4.0.2). Root cause: external entity resolution not disabled, allowing remote attackers to read arbitrary files, cause ...

6.8CVSS7.2AI score0.91354EPSS
Exploits0References5Affected Software2
Tenable Nessus
Tenable Nessus
added 2014/03/31 12:0 a.m.38 views

Debian DSA-2890-1 : libspring-java - security update

Two vulnerabilities were discovered in libspring-java, the Debian package for the Java Spring framework. - CVE-2014-0054 Jaxb2RootElementHttpMessageConverter in Spring MVC processes external XML entities. - CVE-2014-1904 Spring MVC introduces a cross-site scripting vulnerability if the action on ...

6.8CVSS8.1AI score0.91354EPSS
Exploits0References7
Debian
Debian
added 2014/03/29 7:21 p.m.40 views

[SECURITY] [DSA 2890-1] libspring-java security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2890-1 [email protected] http://www.debian.org/security/ Florian Weimer March 29, 2014 http://www.debian.org/security/faq -...

6.8CVSS7.3AI score0.91354EPSS
Exploits0
OpenVAS
OpenVAS
added 2014/03/29 12:0 a.m.32 views

Debian Security Advisory DSA 2890-1 (libspring-java - security update)

Two vulnerabilities were discovered in libspring-java, the Debian package for the Java Spring framework. CVE-2014-0054 Jaxb2RootElementHttpMessageConverter in Spring MVC processes external XML entities. CVE-2014-1904 Spring MVC introduces a cross-site scripting vulnerability if the action on a...

6.8CVSS0.3AI score0.91354EPSS
Exploits0References1
OSV
OSV
added 2014/03/29 12:0 a.m.29 views

DSA-2890-1 libspring-java - security update

Bulletin has no description...

6.8CVSS7.2AI score0.91354EPSS
Exploits0
OpenVAS
OpenVAS
added 2014/03/28 12:0 a.m.33 views

Debian: Security Advisory (DSA-2890-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS7.5AI score0.91354EPSS
Exploits0References3
Rows per page
Query Builder