20 matches found
ROOT-APP-MAVEN-CVE-2016-1000027 CVE-2016-1000027 in io.root.org.springframework:spring-web - Patched by Root
Root has patched CVE-2016-1000027 in the io.root.org.springframework:spring-web package for Root:Maven. Multiple fixed versions available...
RCE (Remote Code Execution) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2016-1000027
note: This is a critical vulnerability in a non-Atlassian Bitbucket dependency. However, Atlassian’s application of the dependency presents a lower assessed risk, which is why we are disclosing this vulnerability in our monthly Security Bulletin instead of a Critical Security Advisory. This...
EUVD-2023-51307
Malicious code in bioql PyPI...
Security Bulletin: IBM OpenPages for IBM Cloud Pak for Data is Vulnerable to Spring Web Unsafe Deserialization [CVE-2016-1000027]
Summary There is a vulnerability called potential remote code execution RCE in the Spring Web open source library used by IBM OpenPages for IBM Cloud Pak for Data. This vulnerability has been addressed. CVE-2016-1000027 Vulnerability Details CVEID:CVE-2016-1000027 DESCRIPTION: Pivotal Spring...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-web-5.3.26.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-web-5.3.26.jar Vulnerability Details CVEID:CVE-2016-1000027 DESCRIPTION: Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted...
CVE-2016-1000027
creationtimestamp| type| source ---|---|--- 2025-06-12 03:25:59+00:00| seen| https://bsky.app/profile/msw.bsky.social/post/3lrexyicuzs2f 2025-06-12 03:30:28+00:00| seen| https://bsky.app/profile/msw.bsky.social/post/3lreyahne4c2f 2026-01-07 03:00:06+00:00| published-proof-of-concept|...
Security Bulletin: Vulnerability in Pivota Spring Framework affects watsonx.data
Summary Pivota Spring Framework could allow a remote attacker to execute arbitrary code on the system. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2016-1000027 DESCRIPTION: Pivota Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by...
Security Bulletin: VMware Tanzu Spring Framework is vulnerable to multiple security CVEs used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses VMWare Tanzu Spring Framework which is vulnerable to multiple security CVEs. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framewo...
Security Bulletin: IBM Cloud Pak for Network Automation 2.7.1 addresses multiple existing security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.7.1 addresses multiple security vulnerabilities, listed in the CVEs below. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-24680 DESCRIPTION: Django is vulnerable to a denial of service,...
Security Bulletin: IBM Sterling Control Center vulnerable to denial of service due to Spring Boot and remote code execution due to Spring Framework
Summary IBM Sterling Control Center containerized image uses VMWare Tanzu Spring Boot and Pivotal Spring Framework. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-20883 DESCRIPTION: VMware Tanzu Spring Boot is vulnerable to a denial...
Deserialization of untrusted data
Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the specific context of Thorn SFTP gateway, this leads to remote code execution...
Security Bulletin: Vulnerability in Spring Framework affects IBM Process Mining [CVE-2016-1000027]
Summary There is a vulnerability in Spring Framework that could allow a remote attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. CVE-2016-1000027 Vulnerability Details...
Security Bulletin: IBM OpenPages for IBM Cloud Pak for Data is Vulnerable to Spring Web Unsafe Deserialization [CVE-2016-1000027]
Summary There is a vulnerability in the Spring Web open source library used by IBM OpenPages for IBM Cloud Pak for Data. This vulnerability has been addressed. CVE-2016-1000027 Vulnerability Details CVEID:CVE-2016-1000027 DESCRIPTION: Pivota Spring Framework could allow a remote attacker to execu...
Security Bulletin: Due to the use of Apache spring-web, IBM ECM Content Management Interoperability Services (CMIS) is affected by remote code execution (RCE) security vulnerability CVE-2016-1000027
Summary IBM ECM Content Management Interoperability Services CMIS is affected by Apache spring-web security vulnerability CVE-2016-1000027 , affected, not vulnerable. Vulnerability Details CVEID:CVE-2016-1000027 DESCRIPTION: Pivota Spring Framework could allow a remote attacker to execute arbitra...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +38135 more potentially affected by CVE-2016-1000027 via org.springframework:spring-web (>=1.2.1 <=5.3.9)
org.springframework:spring-web MAVEN version =1.2.1, =1.1, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.0 and more Source cves: CVE-2016-1000027 Source advisory: OSV:GHSA-4WRC-F8PQ-FPQP...
Exploit for Deserialization of Untrusted Data in Vmware Spring_Framework
PoC for CVE-2016-1000027 This is a demo Spring Boolt applicat...
CVE-2016-1000027 vulnerabilities
Vulnerabilities for packages: geoserver...
CVE-2016-1000027 vulnerabilities
Vulnerabilities for packages: apache-nifi...
CVE-2016-1000027
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's...
CVE-2016-1000027
CVE-2016-1000027 involves remote code execution in Pivotal Spring Framework when deserializing untrusted data. Connected sources specify impact up to Spring Framework 5.3.16 (RCE via Java deserialization) and note that the vendor discourages untrusted-deserialization usage. Remediation guidance i...