Lucene search
K

8 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/05/13 2:58 p.m.45 views

Security Bulletin: IBM Sterling B2B Integrator vulnerable to multiple vulnerabilities due to Spring Security

Summary Spring Security is used by IBM Sterling B2B Integrator. Multiple Spring Security vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2019-3795 DESCRIPTION: Pivotal Spring Security could provide weaker than expected security, caused by an insecure randomness flaw when usi...

7.5CVSS1.2AI score0.01884EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/13 2:58 p.m.116 views

Security Bulletin: Multiple Security Vulnerabilities in Spring Framework Affect IBM Sterling B2B Integrator

Summary IBM Sterling B2B Integrator has addressed multiple Spring Framework security vulnerabilites. Vulnerability Details CVEID:CVE-2013-4152 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection XXE error...

7.5CVSS6.8AI score0.91354EPSS
Exploits2Affected Software1
Debian
Debian
added 2019/07/09 6:25 a.m.138 views

[SECURITY] [DLA 1848-1] libspring-security-2.0-java security update

Package : libspring-security-2.0-java Version : 2.0.7.RELEASE-3+deb8u2 CVE ID : CVE-2019-11272 Spring Security support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null...

7.5CVSS7.2AI score0.0137EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2019/06/27 5:24 p.m.5 views

ai.foremast.metrics:foremast-spring-boot-1x-k8s-metrics-starter (>=0.1.6 <=0.1.7), ai.foremast.metrics:foremast-spring-boot-k8s-metrics-starter (>=0.1.4-SB1X <=0.1.4-SB1X_6) +2588 more potentially affected by CVE-2019-11272 via org.springframework.security:spring-security-core (>=2.0.0 <=4.2.12.RELEASE)

org.springframework.security:spring-security-core MAVEN version =2.0.0, =0.1.6, =0.1.4-SB1X, =1.0.0, =1.0.0, =1.0.0, =1.1.0.RELEASE, =1.1.1, =1.3.1-RELEASE, =0.3.3, =0.1, =1.0.0, =1.2.1, =2.0.0, =3.0.3, =3.0.6 and more Source cves: CVE-2019-11272 Source advisory: OSV:GHSA-V33X-PRHC-GPH5...

7.5CVSS6.7AI score0.0137EPSS
Exploits0
NVD
NVD
added 2019/06/26 2:15 p.m.23 views

CVE-2019-11272

Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user ...

7.5CVSS7.3AI score0.0137EPSS
Exploits0References2
OSV
OSV
added 2019/06/26 2:15 p.m.25 views

CVE-2019-11272

Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user ...

7.3CVSS7.2AI score0.0137EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2019/06/26 2:15 p.m.30 views

CVE-2019-11272

Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user ...

7.5CVSS6.7AI score0.0137EPSS
Exploits0References2
CVE
CVE
added 2019/06/26 2:6 p.m.142 views

CVE-2019-11272

CVE-2019-11272 affects Spring Security where PlaintextPasswordEncoder can allow login with a password of "null" if an encoded password is null. Affected: Spring Security 4.2.x up to 4.2.12 and older unsupported versions. Root cause: using PlaintextPasswordEncoder with null encoded passwords. Impa...

7.5CVSS7.2AI score0.0137EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder