Lucene search
+L

17 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/07/24 8:42 p.m.50 views

Security Bulletin: VMware Tanzu Spring Framework is vulnerable to CVE-2023-20860 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Framework which is vulnerable to CVE-2023-20860. IBM has addressed this vulnerability. Vulnerability Details CVEID:CVE-2023-20860 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to bypass...

7.5CVSS7.3AI score0.03514EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 7:44 p.m.38 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in VMware Tanzu Spring Framework [CVE-2023-20860]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in VMware Tanzu Spring Framework due to the use of an un-prefixed double wildcard pattern with the mvcRequestMatcher CVE-2023-20860. Spring Framework is included as part of our speech...

7.5CVSS7.2AI score0.03514EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/06/22 12:0 a.m.47 views

RHEL 8 : Red Hat Virtualization (RHSA-2023:3771)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3771 advisory. The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and...

7.5CVSS6.9AI score0.03514EPSS
Exploits1References10
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/29 1:35 p.m.33 views

Security Bulletin: Vulnerability in Spring Framework affects IBM Process Mining [CVE-2023-20860]

Summary There is a vulnerability in Spring Framework that could allow a remote authenticated attacker to bypass security restrictions. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. CVE-2023-20860 Vulnerability Details...

7.5CVSS7.3AI score0.03514EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/19 9:39 a.m.45 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is affected by a security restrictions bypass due to Spring Framework [CVE-2023-20860]

Summary There is a vulnerability in Spring Framework used by Integrated File Agent in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE. CVE-2023-20860 Vulnerability Details CVEID:CVE-2023-20860 DESCRIPTION: VMwar...

7.5CVSS7.2AI score0.03514EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/18 5:28 p.m.53 views

Security Bulletin: IBM Sterling Connect:Direct for UNIX is affected by security restriction bypass due to Spring Framework [CVE-2023-20860]

Summary IBM Sterling Connect:Direct for UNIX File Agent component is affected by security restriction bypass due to Spring Framework. Spring Framework has been upgraded in IBM Sterling Connect:Direct for UNIX File Agent component. CVE-2023-20860 Vulnerability Details CVEID:CVE-2023-20860...

7.5CVSS7.2AI score0.03514EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/10 4:23 a.m.66 views

Security Bulletin: Multiple vulnerabilities in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2023-20860, CVE-2023-20861).

Summary Vulnerabilities in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager CVE-2023-20860, CVE-2023-20861. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2023-20861 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service...

7.5CVSS7.5AI score0.03514EPSS
Exploits1Affected Software1
F5 Networks
F5 Networks
added 2023/05/08 7:57 a.m.38 views

K000134500: Spring Framework vulnerability CVE-2023-20860

Security Advisory Description Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

7.5CVSS6.7AI score0.03514EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2023/05/04 12:0 a.m.89 views

Spring Framework 5.3.x < 5.3.26 / 6.0.x < 6.0.7 Security Bypass (CVE-2023-20860)

The remote host contains a Spring Framework version is affected by a security bypass vulnerability. Using as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

7.5CVSS6.8AI score0.03514EPSS
Exploits1References2
NVD
NVD
added 2023/03/27 10:15 p.m.35 views

CVE-2023-20860

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

7.5CVSS7.5AI score0.03514EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2023/03/27 10:15 p.m.52 views

CVE-2023-20860

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

7.5CVSS6.8AI score0.03514EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/03/27 12:0 a.m.34 views

CVE-2023-20860

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

7.8AI score0.03514EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/03/27 12:0 a.m.7 views

CVE-2023-20860

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

7.5AI score0.03514EPSS
Exploits1References2
OSV
OSV
added 2023/03/27 12:0 a.m.42 views

CVE-2023-20860

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

7.5CVSS7.8AI score0.03514EPSS
Exploits1References4
CVE
CVE
added 2023/03/27 12:0 a.m.367 views

CVE-2023-20860

CVE-2023-20860 affects Spring Framework 6.0.0–6.0.6 and 5.3.0–5.3.25 where using ** as a pattern in Spring Security’s mvcRequestMatcher can cause a mismatch with Spring MVC pattern matching, creating a potential security bypass. Remediation: upgrade to fixed releases; IBM’s advisory notes a patch...

7.5CVSS7.4AI score0.03514EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2023/03/27 12:0 a.m.49 views

CVE-2023-20860

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

7.5CVSS6.5AI score0.03514EPSS
Exploits1
GithubExploit
GithubExploit
added 2023/03/24 7:23 a.m.416 views

Exploit for CVE-2023-20860

For studying CVE-2023-20860: Security Bypass With Un-Prefixe...

7.5CVSS7.6AI score0.03514EPSS
Exploits1
Rows per page
Query Builder