12 matches found
Oracle WebCenter Sites (Jul 2024 CPU)
The 12.2.1.4.0 versions of WebCenter Sites installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory. - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites Spring Security. The supported...
Security Bulletin: IBM Automation Decision Services November 2023 - Multiple CVEs addressed
Summary IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-46233 DESCRIPTION: Brix crypto-js could...
Exploit for Improper Preservation of Permissions in Vmware Spring_Security
cve-2023-34034 Demonstration of CVE-2023-34034 aut...
Security Bulletin: Vulnerability in Spring Security affects IBM Process Mining . Multiple CVEs
Summary There is a vulnerability in Spring Security that could allow a remote attacker to cause an authorization rule misconfiguration issue. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...
Security Bulletin: VMware Tanzu Spring Security is vulnerable to CVE-2023-34034 and CVE-2023-34035 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Security which is vulnerable to CVE-2023-34034 and CVE-2023-34035. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2023-34034 DESCRIPTION: VMware Tanzu Spring Securi...
cc.chensoul.nacos:nacos-distribution (=2.5.2), com.buession.security:buession-security-spring (>=3.0.0 <=3.0.1) +262 more potentially affected by CVE-2023-34034 via org.springframework.security:spring-security-config (>=5.8.0 <=5.8.4)
org.springframework.security:spring-security-config MAVEN version =5.8.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.12.0, =5.12.0, =1.48.0, =1.48.0, =1.48.0, =4.5.0, =4.5.0, =4.5.0, =6.5.0, =4.5.0, =4.5.1 and more Source cves: CVE-2023-34034 Source advisory: OSV:GHSA-3H6F-G5F3-GC4W...
ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.2 <=4.6.0.0), ai.ylyue:yue-library-auth-client (=j11.2.6.0) +830 more potentially affected by CVE-2023-34034 via org.springframework.security:spring-security-config (>=5.6.0 <=5.6.10)
org.springframework.security:spring-security-config MAVEN version =5.6.0, =4.4.0.2, =0.2.0, =2.1.0.M8, =2.7.0.Beta1, =2.7.0.Beta1, =2.7.0.Beta1, =2.7.0.Beta1, =0.0.1, =0.0.6 - com.atlassian.connect:atlassian-connect-spring-boot-api =2.2.7 - com.atlassian.connect:atlassian-connect-spring-boot-core...
CVE-2023-34034
Using "" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass...
CVE-2023-34034
Using "" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass...
CVE-2023-34034
CVE-2023-34034 is documented in IBM security bulletins as affecting VMware Tanzu Spring Security when using "**" as a pattern in WebFlux configuration, causing a pattern-matching bypass. The IBM bulletin assigns a CVSS v3.0 base score of 9.1 (Impact: Confidentiality High, Integrity High, Availabi...
CVE-2023-34034
Using "" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass...
CVE-2023-34034
Using "" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass...