Lucene search
K

9 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/05/13 2:58 p.m.46 views

Security Bulletin: IBM Sterling B2B Integrator vulnerable to multiple vulnerabilities due to Spring Security

Summary Spring Security is used by IBM Sterling B2B Integrator. Multiple Spring Security vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2019-3795 DESCRIPTION: Pivotal Spring Security could provide weaker than expected security, caused by an insecure randomness flaw when usi...

7.5CVSS1.2AI score0.01884EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/01/28 12:0 a.m.58 views

Oracle MySQL Enterprise Monitor Multiple Vulnerabilities (Jan 2021 CPU)

MySQL Enterprise Monitor installed on the remote host is 8.0.x prior to 8.0.23. Therefore, it's affected by multiple vulnerabilities as referenced in the January 2021 CPU advisory. - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL component: Service Manager Apache Commons...

8.7CVSS6.2AI score0.28839EPSS
Exploits2References5
vulnersOsv
vulnersOsv
added 2020/06/15 7:34 p.m.6 views

ai.hyacinth.framework:core-service-gateway-server (=0.5.24), au.org.consumerdatastandards:data-holder (>=1.0.0 <=1.12.0) +1476 more potentially affected by CVE-2020-5408 via org.springframework.security:spring-security-core (>=5.2.0.RELEASE <=5.2.3.RELEASE)

org.springframework.security:spring-security-core MAVEN version =5.2.0.RELEASE, =1.0.0, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.12 - br.com.damsete:logging =0.0.1 - cc.cc4414:cc-spring-auth-server =0.5.1 - cc.cc4414:cc-spring-resource-starter =0.5.1 -...

6.5CVSS6.7AI score0.01594EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2020/06/15 7:34 p.m.6 views

com.erudika:para-jar (=1.31.0), com.erudika:para-server (=1.31.0) +82 more potentially affected by CVE-2020-5408 via org.springframework.security:spring-security-core (=5.1.0.RELEASE)

org.springframework.security:spring-security-core MAVEN version =5.1.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.security:spring-security-core and may be impacted: - com.erudika:para-jar =1.31.0 - com.erudika:para-serv...

6.5CVSS6.7AI score0.01594EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2020/06/15 7:34 p.m.6 views

ai.foremast.metrics:foremast-spring-boot-1x-k8s-metrics-starter (>=0.1.6 <=0.1.7), ai.foremast.metrics:foremast-spring-boot-k8s-metrics-starter (>=0.1.4-SB1X <=0.1.4-SB1X_6) +2638 more potentially affected by CVE-2020-5408 via org.springframework.security:spring-security-core (>=2.0.0 <=4.2.15.RELEASE)

org.springframework.security:spring-security-core MAVEN version =2.0.0, =0.1.6, =0.1.4-SB1X, =1.0.0, =1.0.0, =1.0.0, =1.1.0.RELEASE, =1.1.1, =1.3.1-RELEASE, =0.3.3, =0.1, =1.0.0, =1.2.1, =2.0.0, =3.0.3, =3.0.6 and more Source cves: CVE-2020-5408 Source advisory: OSV:GHSA-2PPP-9496-P23Q...

6.5CVSS6.6AI score0.01594EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2020/06/15 7:34 p.m.9 views

ch.rasc:wamp2spring-security (=1.0.0), cn.springcloud.gray:spring-cloud-gray-server (>=B.0.0.1 <=B.0.0.6) +209 more potentially affected by CVE-2020-5408 via org.springframework.security:spring-security-core (>=5.0.0.RELEASE <=5.0.15.RELEASE)

org.springframework.security:spring-security-core MAVEN version =5.0.0.RELEASE, =B.0.0.1, =B.0.0.1, =B.0.0.1, =B.0.0.2, =B.0.0.1, =2.21.8, =0.3.0, =2017.11.28, =2018.1.20 - com.netflix.genie:genie-app =4.0.0-rc.2 and more Source cves: CVE-2020-5408 Source advisory: OSV:GHSA-2PPP-9496-P23Q...

6.5CVSS6.7AI score0.01594EPSS
Exploits0
OSV
OSV
added 2020/05/14 6:15 p.m.18 views

CVE-2020-5408

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has...

6.5CVSS6.5AI score0.01594EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2020/05/14 6:15 p.m.46 views

CVE-2020-5408

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has...

6.5CVSS6.7AI score0.01594EPSS
Exploits0References2
CVE
CVE
added 2020/05/14 5:15 p.m.130 views

CVE-2020-5408

CVE-2020-5408 (IBM) affects IBM Sterling Connect:Direct Web Services. A fixed null initialization vector in CBC mode for the queryable text encryptor may allow a dictionary attack to derive unencrypted values, exposing sensitive information. Remediation is via upgrading to supported fixes: IBM St...

6.5CVSS6.5AI score0.01594EPSS
Exploits0References4Affected Software2
Rows per page
Query Builder