17 matches found
Security Bulletin: VMware Tanzu Spring Framework is vulnerable to CVE-2023-20860 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Framework which is vulnerable to CVE-2023-20860. IBM has addressed this vulnerability. Vulnerability Details CVEID:CVE-2023-20860 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to bypass...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in VMware Tanzu Spring Framework [CVE-2023-20860]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in VMware Tanzu Spring Framework due to the use of an un-prefixed double wildcard pattern with the mvcRequestMatcher CVE-2023-20860. Spring Framework is included as part of our speech...
RHEL 8 : Red Hat Virtualization (RHSA-2023:3771)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3771 advisory. The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and...
Security Bulletin: Vulnerability in Spring Framework affects IBM Process Mining [CVE-2023-20860]
Summary There is a vulnerability in Spring Framework that could allow a remote authenticated attacker to bypass security restrictions. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. CVE-2023-20860 Vulnerability Details...
Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is affected by a security restrictions bypass due to Spring Framework [CVE-2023-20860]
Summary There is a vulnerability in Spring Framework used by Integrated File Agent in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE. CVE-2023-20860 Vulnerability Details CVEID:CVE-2023-20860 DESCRIPTION: VMwar...
Security Bulletin: IBM Sterling Connect:Direct for UNIX is affected by security restriction bypass due to Spring Framework [CVE-2023-20860]
Summary IBM Sterling Connect:Direct for UNIX File Agent component is affected by security restriction bypass due to Spring Framework. Spring Framework has been upgraded in IBM Sterling Connect:Direct for UNIX File Agent component. CVE-2023-20860 Vulnerability Details CVEID:CVE-2023-20860...
Security Bulletin: Multiple vulnerabilities in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2023-20860, CVE-2023-20861).
Summary Vulnerabilities in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager CVE-2023-20860, CVE-2023-20861. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2023-20861 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service...
K000134500: Spring Framework vulnerability CVE-2023-20860
Security Advisory Description Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...
Spring Framework 5.3.x < 5.3.26 / 6.0.x < 6.0.7 Security Bypass (CVE-2023-20860)
The remote host contains a Spring Framework version is affected by a security bypass vulnerability. Using as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...
CVE-2023-20860
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...
CVE-2023-20860
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...
CVE-2023-20860
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...
CVE-2023-20860
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...
CVE-2023-20860
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...
CVE-2023-20860
CVE-2023-20860 affects Spring Framework 6.0.0–6.0.6 and 5.3.0–5.3.25 where using ** as a pattern in Spring Security’s mvcRequestMatcher can cause a mismatch with Spring MVC pattern matching, creating a potential security bypass. Remediation: upgrade to fixed releases; IBM’s advisory notes a patch...
CVE-2023-20860
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...
Exploit for CVE-2023-20860
For studying CVE-2023-20860: Security Bypass With Un-Prefixe...