Lucene search
K

18 matches found

Tenable Nessus
Tenable Nessus
added 2024/05/15 12:0 a.m.41 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.8)

The version of AOS installed on the remote host is prior to 6.8. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.8 advisory. - In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be...

9.8CVSS8.1AI score0.35834EPSS
Exploits29References24
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/27 11:7 a.m.49 views

Security Bulletin: Vulnerability in Spring Security affects IBM Process Mining . CVE-2022-22978

Summary There is a vulnerability in Spring Security that could allow an remote attacker to bypass security restrictions and obtain access to the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

9.8CVSS9.2AI score0.10037EPSS
Exploits6Affected Software1
RedHat Linux
RedHat Linux
added 2023/05/24 5:13 p.m.72 views

Important: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update

An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.8CVSS7.1AI score0.99931EPSS
Exploits52References18
GithubExploit
GithubExploit
added 2023/03/16 9:34 a.m.388 views

Exploit for Incorrect Authorization in Vmware Spring_Security

CVE 2022-22978: Authorization Bypass in RegexRequestMatcher...

9.8CVSS7.6AI score0.10037EPSS
Exploits6
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/13 4:46 p.m.104 views

Security Bulletin: IBM Sterling B2B Integrator vulnerable to security bypass due to Spring Security (CVE-2022-31692, CVE-2022-22978)

Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities in Spring Security Vulnerability Details CVEID:CVE-2022-31692 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by a flaw when using forward or include...

9.8CVSS9.4AI score0.10037EPSS
Exploits9Affected Software1
GithubExploit
GithubExploit
added 2023/03/01 6:21 a.m.291 views

Exploit for Incorrect Authorization in Vmware Spring_Security

CVE 2022-22978: Authorization Bypass in RegexRequestMatcher...

9.8CVSS7.6AI score0.10037EPSS
Exploits6
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/30 9:32 a.m.48 views

Security Bulletin: Vulnerabilities in Spring Framework affects IBM Common Licensing's Administration And Reporting Tool (ART) and its Agent (CVE-2022-22978, 220811)

Summary Security Vulnerablities have been addressed in IBM Common Licensing. In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. A fix is available to address the vulnerability...

9.8CVSS9.3AI score0.10037EPSS
Exploits6Affected Software1
GithubExploit
GithubExploit
added 2022/06/04 4:57 p.m.365 views

Exploit for Incorrect Authorization in Vmware Spring_Security

CVE 2022-22978: Authorization Bypass in RegexRequestMatcher...

9.8CVSS7.6AI score0.10037EPSS
Exploits6
GithubExploit
GithubExploit
added 2022/05/31 3:14 a.m.643 views

Exploit for Incorrect Authorization in Vmware Spring_Security

CVE-2022-22978 Spring-Security Bypass Demo When using Rege...

9.8CVSS6.8AI score0.10037EPSS
Exploits6
vulnersOsv
vulnersOsv
added 2022/05/20 12:0 a.m.9 views

ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.2 <=4.6.0.0), ai.ylyue:yue-library-auth-client (=j11.2.6.0) +1751 more potentially affected by CVE-2022-22978 via org.springframework.security:spring-security-core (>=5.6.0 <=5.6.3)

org.springframework.security:spring-security-core MAVEN version =5.6.0, =4.4.0.2, =1.3.1.RELEASE, =0.2.0, =0.8.3, =2.1.0.M8, =1.0.0, =2.7.0.Beta3, =2.7.0.Beta4, =2.7.0.Beta3, =2.7.0.Beta3, =2.7.0.Beta3, =2.7.0.RC1 and more Source cves: CVE-2022-22978 Source advisory: OSV:GHSA-HH32-7344-CG2F...

9.8CVSS6.7AI score0.10037EPSS
Exploits6
vulnersOsv
vulnersOsv
added 2022/05/20 12:0 a.m.6 views

africa.absa:inception-api (>=1.0.0 <=1.2.0), africa.absa:inception-codes-api (>=1.0.0 <=1.2.0) +1533 more potentially affected by CVE-2022-22978 via org.springframework.security:spring-security-core (>=5.5.0 <=5.5.6)

org.springframework.security:spring-security-core MAVEN version =5.5.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.13.0, =1.13.0, =2.2.0 - be.jidoka:jdk-keycloak-admin =1.2.0 and more Source cves: CVE-2022-22978 Source advisory:...

9.8CVSS6.7AI score0.10037EPSS
Exploits6
vulnersOsv
vulnersOsv
added 2022/05/20 12:0 a.m.6 views

africa.absa:inception-oauth2-resource-server (>=1.0.0 <=1.2.0), au.org.consumerdatastandards:client-cli (>=1.13.0 <=2.4.1) +1255 more potentially affected by CVE-2022-22978 via org.springframework.security:spring-security-web (>=5.5.0 <=5.5.6)

org.springframework.security:spring-security-web MAVEN version =5.5.0, =1.0.0, =1.13.0, =1.13.0, =1.0.0, =0.0.8-alpha, =0.0.1-alpha, =1.0.4.R, =1.0.4.R, =1.0.4.R, =1.0.4.R, =1.7.26, =1.3.30, =1.1.1-alpha, =1.1.1-alpha, =0.0.3-alpha, =0.0.4-alpha-5 and more Source cves: CVE-2022-22978 Source...

9.8CVSS6.7AI score0.10037EPSS
Exploits6
ATTACKERKB
ATTACKERKB
added 2022/05/19 3:15 p.m.6 views

CVE-2022-22978

In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with . in the regular expression are possibly vulnerable to an...

9.8CVSS6.8AI score0.10037EPSS
Exploits6References5
NVD
NVD
added 2022/05/19 3:15 p.m.26 views

CVE-2022-22978

In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with . in the regular expression are possibly vulnerable to an...

9.8CVSS0.10037EPSS
Exploits6References1
UbuntuCve
UbuntuCve
added 2022/05/19 3:15 p.m.55 views

CVE-2022-22978

In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with . in the regular expression are possibly vulnerable to an...

9.8CVSS6.8AI score0.10037EPSS
Exploits6References2
CVE
CVE
added 2022/05/19 12:0 a.m.342 views

CVE-2022-22978

CVE-2022-22978 involves a bypass in Spring Security’s RegexRequestMatcher where a dot (.) in the regex can bypass authorization on certain servlet containers. Affected are Spring Security versions prior to 5.4.11+, 5.5.7+, 5.6.4+ and older unsupported releases. Connected reports show remediation ...

9.8CVSS9.2AI score0.10037EPSS
Exploits6References1Affected Software1
Cvelist
Cvelist
added 2022/05/19 12:0 a.m.35 views

CVE-2022-22978

In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with . in the regular expression are possibly vulnerable to an...

9.6AI score0.10037EPSS
Exploits6References1
Spring Security Advisories
Spring Security Advisories
added 2022/05/16 5:27 a.m.481 views

CVE-2022-22978: Authorization Bypass in RegexRequestMatcher

UPDATES 05-17 Due to a mixup CVE-2022-22975 should have been CVE-2022-22978. The blog has been updated to reflect this correction. CVE-2022-22978 : Authorization Bypass in RegexRequestMatcher Spring Security 5.7.0, 5.6.4, 5.5.7 were released to fix CVE-2022-22978 : Authorization Bypass in...

7.5CVSS2.6AI score0.10037EPSS
Exploits6
Rows per page
Query Builder