9 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-31690
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certai...
Security Bulletin: Vulnerability in Spring Security affects IBM Process Mining . CVE-2022-31690
Summary There is a vulnerability in Spring Security that could allow a remote attacker to gain elevated privileges on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-31690...
Critical: Red Hat Security Advisory: OpenShift Container Platform 4.10.56 security update
Red Hat OpenShift Container Platform release 4.10.56 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a...
Important: Red Hat Security Advisory: Migration Toolkit for Runtimes security bug fix and enhancement update
Migration Toolkit for Runtimes 1.0.2 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Important: Red Hat Security Advisory: Migration Toolkit for Runtimes security bug fix and enhancement update
Migration Toolkit for Runtimes 1.0.2 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable unauthorized privilege escalation due to Spring Security (CVE-2022-31690)
Summary IBM Sterling Partner Engagement Manager has addressed a vulnerablity in Spring Security that allows a remote attacker to gain elevated privileges on the system. Vulnerability Details CVEID:CVE-2022-31690 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to gain...
cn.kduck:kduck-security-principal (=1.1.3), com.atlassian.connect:atlassian-connect-spring-boot-core (>=3.0.0 <=3.0.10) +338 more potentially affected by CVE-2022-31690 via org.springframework.security:spring-security-oauth2-client (>=5.7.1 <=5.7.4)
org.springframework.security:spring-security-oauth2-client MAVEN version =5.7.1, =3.0.0, =3.0.0, =4.3.0, =5.1.3, =5.1.3, =5.1.0, =4.2.0, =0.1.33, =1.18.8, =1.18.8, =2.9 - com.graphql-java-generator:graphql-maven-plugin =1.18.8 and more Source cves: CVE-2022-31690https://vulners.com/cve/CVE-2...
CVE-2022-31690
Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client via the browser to the Authorization Server which...
CVE-2022-31690
CVE-2022-31690 affects Spring Security versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9. A malicious user could modify a client-initiated request to the Authorization Server, leading to privilege escalation on the subsequent approval if the OAuth2 Access Token Response incorrectly contains an e...