11 matches found
CVE-2023-34035
Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchersString and multiple servlets, one of them being Spring MVC’s DispatcherServlet. DispatcherServlet is a Spring...
Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2
Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2021-28170 DESCRIPTION: Eclipse EE4J Jakarta Expression Language could allow a remote attacker to bypass security restrictions, caused by a...
Security Bulletin: IBM Automation Decision Services November 2023 - Multiple CVEs addressed
Summary IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-46233 DESCRIPTION: Brix crypto-js could...
Security Bulletin: Vulnerability in Spring Security affects IBM Process Mining . Multiple CVEs
Summary There is a vulnerability in Spring Security that could allow a remote attacker to cause an authorization rule misconfiguration issue. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...
Security Bulletin: VMware Tanzu Spring Security is vulnerable to CVE-2023-34034 and CVE-2023-34035 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Security which is vulnerable to CVE-2023-34034 and CVE-2023-34035. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2023-34034 DESCRIPTION: VMware Tanzu Spring Securi...
br.com.nitertech:jwt (>=1.1.4.2 <=1.1.5), cn.herodotus.engine:oauth2-sdk-authentication (>=3.0.6.4 <=3.1.1.3) +314 more potentially affected by CVE-2023-34035 via org.springframework.security:spring-security-config (>=6.1.0 <=6.1.1)
org.springframework.security:spring-security-config MAVEN version =6.1.0, =1.1.4.2, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =4.0.1, =4.0.1, =0.1.0, =6.1.11, =6.1.11, =7.0.0, =7.0.0, =6.1.11, =6.1.11, =6.2.0 and more Source cves: CVE-2023-34035 Source advisory: OSV:GHSA-4VPR-XFRP-CJ64...
cc.chensoul.nacos:nacos-distribution (=2.5.2), com.buession.security:buession-security-spring (>=3.0.0 <=3.0.1) +262 more potentially affected by CVE-2023-34035 via org.springframework.security:spring-security-config (>=5.8.0 <=5.8.4)
org.springframework.security:spring-security-config MAVEN version =5.8.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.12.0, =5.12.0, =1.48.0, =1.48.0, =1.48.0, =4.5.0, =4.5.0, =4.5.0, =6.5.0, =4.5.0, =4.5.1 and more Source cves: CVE-2023-34035 Source advisory: OSV:GHSA-4VPR-XFRP-CJ64...
cc.vihackerframework:vihacker-security-starter (=1.0.8.R), city.smartb.fs:f2-spring-boot-starter-auth-tenant (>=0.15.0 <=0.15.0-RC2) +399 more potentially affected by CVE-2023-34035 via org.springframework.security:spring-security-config (>=6.0.0 <=6.0.4)
org.springframework.security:spring-security-config MAVEN version =6.0.0, =0.15.0, =0.12.0, =0.12.0, =0.15.0, =0.12.0, =0.13.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =2023.0.0.2-alpha.1, =2023.0.0.0, =2023.0.0.1, =2023.0.0.2-alpha.2 and more Source cves: CVE-2023-34035 Source advisory...
CVE-2023-34035
Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchersString and multiple servlets, one of them being Spring MVC’s DispatcherServlet. DispatcherServlet is a Spring...
CVE-2023-34035
CVE-2023-34035 is a Spring Security authorization misconfiguration affecting Spring MVC apps that use requestMatchers(String) to reference endpoints and secure more than one servlet (including DispatcherServlet). The underlying issue is a misconfiguration that can occur when non-Spring MVC endpoi...
CVE-2023-34035
Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchersString and multiple servlets, one of them being Spring MVC’s DispatcherServlet. DispatcherServlet is a Spring...