Lucene search
K

9 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/07/30 4:48 p.m.44 views

Security Bulletin: IBM Common Licensing's Administration And Reporting Tool (ART) and IBM LKS Administration Agent are affected by Spring Framework vulnerabilities.

Summary Multiple vulnerabilites in Spring Framework affect IBM Common Licensing. Security Vulnerablities have been addressed in IBM Common Licensing. Remediations/Fixes section address remediation actions. Vulnerability Details CVEID:CVE-2023-20863 DESCRIPTION: VMware Tanzu Spring Framework is...

9.8CVSS7.4AI score0.03425EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/07 7:54 p.m.58 views

Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2

Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2021-28170 DESCRIPTION: Eclipse EE4J Jakarta Expression Language could allow a remote attacker to bypass security restrictions, caused by a...

7.3CVSS7.4AI score0.7795EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/24 8:36 p.m.46 views

Security Bulletin: VMware Tanzu Spring Security is vulnerable to CVE-2022-31692 and CVE-2023-20862 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Security which is vulnerable to CVE-2022-31692 and CVE-2023-20862. Vulnerability Details CVEID:CVE-2022-31692 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions,...

9.8CVSS7.6AI score0.03425EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/27 11:47 a.m.39 views

Security Bulletin: Vulnerability in Spring Security affects IBM Process Mining . CVE-2023-20862

Summary There is a vulnerability in Spring Security that could allow a remote attacker to bypass security restrictions and remain authenticated after logout is performed. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability...

6.3CVSS6.7AI score0.00648EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2023/06/23 7:25 p.m.73 views

Update Spring-Security used on Bitbucket to fix CVE-2023-20862

h3. Problem All Bitbucket versions, excluding 8.11.x, use Spring Security 5.7.7 or older, leading to Security scans listing Bitbucket as vulnerable to CVE-2023-20862|https://spring.io/security/cve-2023-20862. h3. Environment Any Bitbucket older than version 8.11.0 h3. Steps to Reproduce Check wha...

6.3CVSS6.8AI score0.00648EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/04/19 9:30 p.m.7 views

cc.chensoul.nacos:nacos-distribution (=2.5.2), cn.sparrowmini:sparrow-org-service (=0.0.1) +625 more potentially affected by CVE-2023-20862 via org.springframework.security:spring-security-core (>=5.8.0 <=5.8.2)

org.springframework.security:spring-security-core MAVEN version =5.8.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.12.0, =5.12.0, =1.48.0, =1.48.0, =1.48.0, =2.4.0, =2.4.0, =2.4.0, =2.6.0 and more Source cves: CVE-2023-20862 Source advisory: OSV:GHSA-X873-6RGC-94JC...

6.3CVSS6.7AI score0.00648EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/04/19 12:0 a.m.13 views

CVE-2023-20862

In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the...

6.2AI score0.00648EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/04/19 12:0 a.m.26 views

CVE-2023-20862

In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the...

6.6AI score0.00648EPSS
Exploits0References2
CVE
CVE
added 2023/04/19 12:0 a.m.210 views

CVE-2023-20862

In CVE-2023-20862, the Spring Security logout flow fails to properly clean the security context when serialized contexts are used, and saving an empty security context to HttpSessionSecurityContextRepository is blocked. Affected versions are Spring Security 5.7.x prior to 5.7.8, 5.8.x prior to 5....

6.3CVSS6.6AI score0.00648EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder