Lucene search
K

20 matches found

OSV
OSV
added 2026/06/23 9:44 a.m.6 views

ROOT-APP-MAVEN-CVE-2016-1000027 CVE-2016-1000027 in io.root.org.springframework:spring-web - Patched by Root

Root has patched CVE-2016-1000027 in the io.root.org.springframework:spring-web package for Root:Maven. Multiple fixed versions available...

9.8CVSS8.4AI score0.32257EPSS
Exploits4
Atlassian
Atlassian
added 2025/11/14 6:27 a.m.17 views

RCE (Remote Code Execution) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2016-1000027

note: This is a critical vulnerability in a non-Atlassian Bitbucket dependency. However, Atlassian’s application of the dependency presents a lower assessed risk, which is why we are disclosing this vulnerability in our monthly Security Bulletin instead of a Critical Security Advisory. This...

9.8CVSS6.9AI score0.32257EPSS
Exploits4
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-51307

Malicious code in bioql PyPI...

9.8CVSS7.9AI score0.0096EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/30 7:28 a.m.12 views

Security Bulletin: IBM OpenPages for IBM Cloud Pak for Data is Vulnerable to Spring Web Unsafe Deserialization [CVE-2016-1000027]

Summary There is a vulnerability called potential remote code execution RCE in the Spring Web open source library used by IBM OpenPages for IBM Cloud Pak for Data. This vulnerability has been addressed. CVE-2016-1000027 Vulnerability Details CVEID:CVE-2016-1000027 DESCRIPTION: Pivotal Spring...

9.8CVSS8.1AI score0.32257EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/08 6:21 a.m.10 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-web-5.3.26.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-web-5.3.26.jar Vulnerability Details CVEID:CVE-2016-1000027 DESCRIPTION: Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted...

9.8CVSS8.1AI score0.32257EPSS
Exploits4Affected Software1
Circl
Circl
added 2025/06/12 3:25 a.m.21 views

CVE-2016-1000027

creationtimestamp| type| source ---|---|--- 2025-06-12 03:25:59+00:00| seen| https://bsky.app/profile/msw.bsky.social/post/3lrexyicuzs2f 2025-06-12 03:30:28+00:00| seen| https://bsky.app/profile/msw.bsky.social/post/3lreyahne4c2f 2026-01-07 03:00:06+00:00| published-proof-of-concept|...

9.8CVSS7.8AI score0.32257EPSS
Exploits4References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/10 10:26 a.m.29 views

Security Bulletin: Vulnerability in Pivota Spring Framework affects watsonx.data

Summary Pivota Spring Framework could allow a remote attacker to execute arbitrary code on the system. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2016-1000027 DESCRIPTION: Pivota Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by...

9.8CVSS9.8AI score0.32257EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/06 4:53 p.m.48 views

Security Bulletin: VMware Tanzu Spring Framework is vulnerable to multiple security CVEs used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses VMWare Tanzu Spring Framework which is vulnerable to multiple security CVEs. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framewo...

9.8CVSS8.8AI score0.32257EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/02 10:47 a.m.39 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.1 addresses multiple existing security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7.1 addresses multiple security vulnerabilities, listed in the CVEs below. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-24680 DESCRIPTION: Django is vulnerable to a denial of service,...

9.8CVSS8.2AI score0.32257EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/07 10:44 a.m.32 views

Security Bulletin: IBM Sterling Control Center vulnerable to denial of service due to Spring Boot and remote code execution due to Spring Framework

Summary IBM Sterling Control Center containerized image uses VMWare Tanzu Spring Boot and Pivotal Spring Framework. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-20883 DESCRIPTION: VMware Tanzu Spring Boot is vulnerable to a denial...

9.8CVSS9.2AI score0.32257EPSS
Exploits4Affected Software1
Prion
Prion
added 2023/10/31 4:15 a.m.38 views

Deserialization of untrusted data

Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the specific context of Thorn SFTP gateway, this leads to remote code execution...

7.5CVSS9.6AI score0.32257EPSS
Exploits4References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/03 7:55 p.m.35 views

Security Bulletin: Vulnerability in Spring Framework affects IBM Process Mining [CVE-2016-1000027]

Summary There is a vulnerability in Spring Framework that could allow a remote attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. CVE-2016-1000027 Vulnerability Details...

9.8CVSS9.7AI score0.32257EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/30 3:27 p.m.37 views

Security Bulletin: IBM OpenPages for IBM Cloud Pak for Data is Vulnerable to Spring Web Unsafe Deserialization [CVE-2016-1000027]

Summary There is a vulnerability in the Spring Web open source library used by IBM OpenPages for IBM Cloud Pak for Data. This vulnerability has been addressed. CVE-2016-1000027 Vulnerability Details CVEID:CVE-2016-1000027 DESCRIPTION: Pivota Spring Framework could allow a remote attacker to execu...

9.8CVSS9.6AI score0.32257EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/25 3:44 p.m.37 views

Security Bulletin: Due to the use of Apache spring-web, IBM ECM Content Management Interoperability Services (CMIS) is affected by remote code execution (RCE) security vulnerability CVE-2016-1000027

Summary IBM ECM Content Management Interoperability Services CMIS is affected by Apache spring-web security vulnerability CVE-2016-1000027 , affected, not vulnerable. Vulnerability Details CVEID:CVE-2016-1000027 DESCRIPTION: Pivota Spring Framework could allow a remote attacker to execute arbitra...

9.8CVSS9.8AI score0.32257EPSS
Exploits4Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/24 5:5 p.m.8 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +38135 more potentially affected by CVE-2016-1000027 via org.springframework:spring-web (>=1.2.1 <=5.3.9)

org.springframework:spring-web MAVEN version =1.2.1, =1.1, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.0 and more Source cves: CVE-2016-1000027 Source advisory: OSV:GHSA-4WRC-F8PQ-FPQP...

9.8CVSS7.1AI score0.32257EPSS
Exploits4
GithubExploit
GithubExploit
added 2021/02/01 7:46 p.m.8 views

Exploit for Deserialization of Untrusted Data in Vmware Spring_Framework

PoC for CVE-2016-1000027 This is a demo Spring Boolt applicat...

9.8CVSS8.2AI score0.32257EPSS
Exploits4
Chainguard
Chainguard
added 2020/01/02 11:15 p.m.23 views

CVE-2016-1000027 vulnerabilities

Vulnerabilities for packages: geoserver...

9.8CVSS7AI score0.32257EPSS
Exploits4
Wolfi
Wolfi
added 2020/01/02 11:15 p.m.42 views

CVE-2016-1000027 vulnerabilities

Vulnerabilities for packages: apache-nifi...

7.5CVSS9.6AI score0.32257EPSS
Exploits4
UbuntuCve
UbuntuCve
added 2020/01/02 11:15 p.m.50 views

CVE-2016-1000027

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's...

9.8CVSS7.2AI score0.32257EPSS
Exploits4References2
CVE
CVE
added 2020/01/02 12:0 a.m.564 views

CVE-2016-1000027

CVE-2016-1000027 involves remote code execution in Pivotal Spring Framework when deserializing untrusted data. Connected sources specify impact up to Spring Framework 5.3.16 (RCE via Java deserialization) and note that the vendor discourages untrusted-deserialization usage. Remediation guidance i...

9.8CVSS9.8AI score0.32257EPSS
Exploits4References9Affected Software1
Rows per page
Query Builder