Lucene search
K

7 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2020/04/03 6:1 a.m.44 views

Security Bulletin: A CSRF vulnerability in Pivotal Spring Framework affects IBM LKS Administration & Reporting Tool

Summary A CSRF related vulnerability in HTTP response has been found in Pivotal Spring Framework used by IBM LKS Administration & Reporting Tool ART. A mitigiation has been included in the latest ART release. Vulnerability Details Refer to the security bulletinss listed in the Remediation/Fixes...

5.3CVSS0.6AI score0.02382EPSS
Exploits1Affected Software1
vulnersOsv
vulnersOsv
added 2020/01/21 8:59 p.m.4 views

ai.ylyue:yue-library-webflux (>=j8.2.3.0 <=j11.2.3.3), app.myoss.cloud.boot:myoss-starter-webflux (>=2.3.0.RELEASE <=2.3.1.RELEASE) +616 more potentially affected by CVE-2020-5397 via org.springframework:spring-webflux (>=5.2.0.RELEASE <=5.2.2.RELEASE)

org.springframework:spring-webflux MAVEN version =5.2.0.RELEASE, =j8.2.3.0, =2.3.0.RELEASE, =2.0.8, =0.5.1, =1.1.0, =1.0.0, =1.1.2 - cn.magichand:magichand-common-swagger =1.0.4 and more Source cves: CVE-2020-5397 Source advisory: OSV:GHSA-7PM4-G2QJ-J85X...

5.3CVSS6.4AI score0.02382EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2020/01/21 8:59 p.m.6 views

ai.ylyue:yue-library-auth-client (>=j8.2.3.0 <=j11.2.3.3), ai.ylyue:yue-library-auth-service (>=j8.2.3.0 <=j11.2.3.3) +3893 more potentially affected by CVE-2020-5397 via org.springframework:spring-webmvc (>=5.2.0.RELEASE <=5.2.2.RELEASE)

org.springframework:spring-webmvc MAVEN version =5.2.0.RELEASE, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =2.3.0.RELEASE, =1.1.1, =1.0.0, =1.2.2.RELEASE, =1.2.2.RELEASE, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.12 and more Source cves: CVE-2020-5397 Source advisory: OSV:GHSA-7PM4-G2QJ-J85X...

5.3CVSS6.3AI score0.02382EPSS
Exploits1
OSV
OSV
added 2020/01/17 7:15 p.m.24 views

CVE-2020-5397

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...

5.3CVSS6.8AI score0.02382EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2020/01/17 7:15 p.m.33 views

CVE-2020-5397

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...

5.3CVSS6.4AI score0.02382EPSS
Exploits1References2
Cvelist
Cvelist
added 2020/01/17 6:50 p.m.40 views

CVE-2020-5397 CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...

5.3CVSS7.2AI score0.02382EPSS
Exploits1References7
CVE
CVE
added 2020/01/17 6:50 p.m.232 views

CVE-2020-5397

CVE-2020-5397 - Normal details Affected software: Spring Framework 5.2.x (prior to 5.2.3) where CSRF is possible via CORS preflight requests targeting Spring MVC (spring-webmvc) or Spring WebFlux (spring-webflux). Vulnerability and impact: Non-authenticated endpoints can be exploited through pref...

5.3CVSS5.5AI score0.02382EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder