2 matches found
CVE-2022-43712
POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for uses that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965...
CVE-2022-43712
GX Software XperienCentral 10.36.0 and earlier is affected by CVE-2022-22965 (Spring4Shell) via data binding in Spring MVC/WebFlux on Java 9+. An attacker able to reach a vulnerable WAR/deployed app could achieve remote code execution. Root cause: unsafe data binding in Spring Framework modules; ...