Lucene search
+L

12 matches found

nessus
nessus
added 2024/07/22 12:0 a.m.26 views

Oracle WebCenter Sites (Jul 2024 CPU)

The 12.2.1.4.0 versions of WebCenter Sites installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory. - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites Spring Security. The supported...

9.8CVSS6.5AI score0.03465EPSS
Exploits1References5
ibm
ibm
added 2023/12/12 5:56 p.m.46 views

Security Bulletin: IBM Automation Decision Services November 2023 - Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-46233 DESCRIPTION: Brix crypto-js could...

9.8CVSS8.9AI score0.03465EPSS
Exploits6Affected Software1
githubexploit
githubexploit
added 2023/12/02 10:51 a.m.258 views

Exploit for Improper Preservation of Permissions in Vmware Spring_Security

cve-2023-34034 Demonstration of CVE-2023-34034 aut...

9.8CVSS8.7AI score0.03465EPSS
Exploits1
ibm
ibm
added 2023/10/11 9:28 a.m.45 views

Security Bulletin: Vulnerability in Spring Security affects IBM Process Mining . Multiple CVEs

Summary There is a vulnerability in Spring Security that could allow a remote attacker to cause an authorization rule misconfiguration issue. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

9.8CVSS7.1AI score0.03465EPSS
Exploits2Affected Software1
ibm
ibm
added 2023/09/26 6:30 p.m.44 views

Security Bulletin: VMware Tanzu Spring Security is vulnerable to CVE-2023-34034 and CVE-2023-34035 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Security which is vulnerable to CVE-2023-34034 and CVE-2023-34035. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2023-34034 DESCRIPTION: VMware Tanzu Spring Securi...

9.8CVSS7.7AI score0.03465EPSS
Exploits2Affected Software1
vulnersosv
vulnersosv
added 2023/07/19 3:30 p.m.5 views

cc.chensoul.nacos:nacos-distribution (=2.5.2), com.buession.security:buession-security-spring (>=3.0.0 <=3.0.1) +262 more potentially affected by CVE-2023-34034 via org.springframework.security:spring-security-config (>=5.8.0 <=5.8.4)

org.springframework.security:spring-security-config MAVEN version =5.8.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.12.0, =5.12.0, =1.48.0, =1.48.0, =1.48.0, =4.5.0, =4.5.0, =4.5.0, =6.5.0, =4.5.0, =4.5.1 and more Source cves: CVE-2023-34034 Source advisory: OSV:GHSA-3H6F-G5F3-GC4W...

9.8CVSS6.7AI score0.03465EPSS
Exploits1
vulnersosv
vulnersosv
added 2023/07/19 3:30 p.m.4 views

ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.2 <=4.6.0.0), ai.ylyue:yue-library-auth-client (=j11.2.6.0) +830 more potentially affected by CVE-2023-34034 via org.springframework.security:spring-security-config (>=5.6.0 <=5.6.10)

org.springframework.security:spring-security-config MAVEN version =5.6.0, =4.4.0.2, =0.2.0, =2.1.0.M8, =2.7.0.Beta1, =2.7.0.Beta1, =2.7.0.Beta1, =2.7.0.Beta1, =0.0.1, =0.0.6 - com.atlassian.connect:atlassian-connect-spring-boot-api =2.2.7 - com.atlassian.connect:atlassian-connect-spring-boot-core...

9.8CVSS6.7AI score0.03465EPSS
Exploits1
nvd
nvd
added 2023/07/19 3:15 p.m.40 views

CVE-2023-34034

Using "" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass...

9.8CVSS9.4AI score0.03465EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2023/07/19 2:16 p.m.26 views

CVE-2023-34034

Using "" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass...

9.1CVSS9.5AI score0.03465EPSS
Exploits1References2
cve
cve
added 2023/07/19 2:16 p.m.312 views

CVE-2023-34034

CVE-2023-34034 is documented in IBM security bulletins as affecting VMware Tanzu Spring Security when using "**" as a pattern in WebFlux configuration, causing a pattern-matching bypass. The IBM bulletin assigns a CVSS v3.0 base score of 9.1 (Impact: Confidentiality High, Integrity High, Availabi...

9.8CVSS9.2AI score0.03465EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2023/07/19 2:16 p.m.50 views

CVE-2023-34034

Using "" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass...

9.1CVSS9.6AI score0.03465EPSS
Exploits1References2
osv
osv
added 2023/07/19 2:16 p.m.39 views

CVE-2023-34034

Using "" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass...

9.1CVSS7.2AI score0.03465EPSS
Exploits1References4
Rows per page
Query Builder