Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:21 a.m.11 views

CVE-2023-34035

Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchersString and multiple servlets, one of them being Spring MVC’s DispatcherServlet. DispatcherServlet is a Spring...

7.3CVSS6.6AI score0.00568EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/07 7:54 p.m.58 views

Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2

Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2021-28170 DESCRIPTION: Eclipse EE4J Jakarta Expression Language could allow a remote attacker to bypass security restrictions, caused by a...

7.3CVSS7.4AI score0.7795EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/12 5:56 p.m.46 views

Security Bulletin: IBM Automation Decision Services November 2023 - Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-46233 DESCRIPTION: Brix crypto-js could...

9.8CVSS8.9AI score0.03465EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/11 9:28 a.m.45 views

Security Bulletin: Vulnerability in Spring Security affects IBM Process Mining . Multiple CVEs

Summary There is a vulnerability in Spring Security that could allow a remote attacker to cause an authorization rule misconfiguration issue. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

9.8CVSS7.1AI score0.03465EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/26 6:30 p.m.44 views

Security Bulletin: VMware Tanzu Spring Security is vulnerable to CVE-2023-34034 and CVE-2023-34035 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Security which is vulnerable to CVE-2023-34034 and CVE-2023-34035. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2023-34034 DESCRIPTION: VMware Tanzu Spring Securi...

9.8CVSS7.7AI score0.03465EPSS
Exploits2Affected Software1
vulnersOsv
vulnersOsv
added 2023/07/18 6:30 p.m.7 views

br.com.nitertech:jwt (>=1.1.4.2 <=1.1.5), cn.herodotus.engine:oauth2-sdk-authentication (>=3.0.6.4 <=3.1.1.3) +314 more potentially affected by CVE-2023-34035 via org.springframework.security:spring-security-config (>=6.1.0 <=6.1.1)

org.springframework.security:spring-security-config MAVEN version =6.1.0, =1.1.4.2, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =4.0.1, =4.0.1, =0.1.0, =6.1.11, =6.1.11, =7.0.0, =7.0.0, =6.1.11, =6.1.11, =6.2.0 and more Source cves: CVE-2023-34035 Source advisory: OSV:GHSA-4VPR-XFRP-CJ64...

7.3CVSS6.7AI score0.00568EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/07/18 6:30 p.m.13 views

cc.chensoul.nacos:nacos-distribution (=2.5.2), com.buession.security:buession-security-spring (>=3.0.0 <=3.0.1) +262 more potentially affected by CVE-2023-34035 via org.springframework.security:spring-security-config (>=5.8.0 <=5.8.4)

org.springframework.security:spring-security-config MAVEN version =5.8.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.12.0, =5.12.0, =1.48.0, =1.48.0, =1.48.0, =4.5.0, =4.5.0, =4.5.0, =6.5.0, =4.5.0, =4.5.1 and more Source cves: CVE-2023-34035 Source advisory: OSV:GHSA-4VPR-XFRP-CJ64...

7.3CVSS6.7AI score0.00568EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/07/18 6:30 p.m.7 views

cc.vihackerframework:vihacker-security-starter (=1.0.8.R), city.smartb.fs:f2-spring-boot-starter-auth-tenant (>=0.15.0 <=0.15.0-RC2) +399 more potentially affected by CVE-2023-34035 via org.springframework.security:spring-security-config (>=6.0.0 <=6.0.4)

org.springframework.security:spring-security-config MAVEN version =6.0.0, =0.15.0, =0.12.0, =0.12.0, =0.15.0, =0.12.0, =0.13.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =2023.0.0.2-alpha.1, =2023.0.0.0, =2023.0.0.1, =2023.0.0.2-alpha.2 and more Source cves: CVE-2023-34035 Source advisory...

7.3CVSS6.7AI score0.00568EPSS
Exploits1
Cvelist
Cvelist
added 2023/07/18 3:29 p.m.31 views

CVE-2023-34035

Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchersString and multiple servlets, one of them being Spring MVC’s DispatcherServlet. DispatcherServlet is a Spring...

7.3CVSS7.4AI score0.00568EPSS
Exploits1References1
CVE
CVE
added 2023/07/18 3:29 p.m.90 views

CVE-2023-34035

CVE-2023-34035 is a Spring Security authorization misconfiguration affecting Spring MVC apps that use requestMatchers(String) to reference endpoints and secure more than one servlet (including DispatcherServlet). The underlying issue is a misconfiguration that can occur when non-Spring MVC endpoi...

7.3CVSS5.4AI score0.00568EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/07/18 3:29 p.m.32 views

CVE-2023-34035

Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchersString and multiple servlets, one of them being Spring MVC’s DispatcherServlet. DispatcherServlet is a Spring...

7.3CVSS7AI score0.00568EPSS
Exploits1References3
Rows per page
Query Builder