8 matches found
Security Bulletin: IBM Sterling B2B Integrator vulnerable to multiple vulnerabilities due to Spring Security
Summary Spring Security is used by IBM Sterling B2B Integrator. Multiple Spring Security vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2019-3795 DESCRIPTION: Pivotal Spring Security could provide weaker than expected security, caused by an insecure randomness flaw when usi...
Security Bulletin: Multiple Security Vulnerabilities in Spring Framework Affect IBM Sterling B2B Integrator
Summary IBM Sterling B2B Integrator has addressed multiple Spring Framework security vulnerabilites. Vulnerability Details CVEID:CVE-2013-4152 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection XXE error...
[SECURITY] [DLA 1848-1] libspring-security-2.0-java security update
Package : libspring-security-2.0-java Version : 2.0.7.RELEASE-3+deb8u2 CVE ID : CVE-2019-11272 Spring Security support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null...
ai.foremast.metrics:foremast-spring-boot-1x-k8s-metrics-starter (>=0.1.6 <=0.1.7), ai.foremast.metrics:foremast-spring-boot-k8s-metrics-starter (>=0.1.4-SB1X <=0.1.4-SB1X_6) +2588 more potentially affected by CVE-2019-11272 via org.springframework.security:spring-security-core (>=2.0.0 <=4.2.12.RELEASE)
org.springframework.security:spring-security-core MAVEN version =2.0.0, =0.1.6, =0.1.4-SB1X, =1.0.0, =1.0.0, =1.0.0, =1.1.0.RELEASE, =1.1.1, =1.3.1-RELEASE, =0.3.3, =0.1, =1.0.0, =1.2.1, =2.0.0, =3.0.3, =3.0.6 and more Source cves: CVE-2019-11272 Source advisory: OSV:GHSA-V33X-PRHC-GPH5...
CVE-2019-11272
Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user ...
CVE-2019-11272
Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user ...
CVE-2019-11272
Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user ...
CVE-2019-11272
CVE-2019-11272 affects Spring Security where PlaintextPasswordEncoder can allow login with a password of "null" if an encoded password is null. Affected: Spring Security 4.2.x up to 4.2.12 and older unsupported versions. Root cause: using PlaintextPasswordEncoder with null encoded passwords. Impa...