12 matches found
ROOT-APP-MAVEN-CVE-2024-22257 CVE-2024-22257 in io.root.org.springframework.security:spring-security-core - Patched by Root
Root has patched CVE-2024-22257 in the io.root.org.springframework.security:spring-security-core package for Root:Maven. Multiple fixed versions available...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-security-core-5.8.5.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-security-core-5.8.5.jar Vulnerability Details CVEID:CVE-2024-22257 DESCRIPTION: In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8...
Oracle MySQL Enterprise Monitor (Jul 2024 CPU)
The versions of MySQL Enterprise Monitor installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory. - Vulnerability in the MySQL Enterprise Monitor component Spring Security. A remote unauthenticated attacker could gain unauthorized access t...
Atlassian Jira Service Management Data Center and Server < 5.4.20 / 5.5.x < 5.12.7 / 5.13.x < 5.15.2 Broken Access Control (JSDSERVER-15307)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-15307 advisory. - In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to...
Security Bulletin: VMware Tanzu Spring Framework is vulnerable to multiple security CVEs used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses VMWare Tanzu Spring Framework which is vulnerable to multiple security CVEs. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framewo...
CVE-2024-22257
creationtimestamp| type| source ---|---|--- 2024-03-18 16:26:47+00:00| seen| https://t.me/ctinow/210703 2024-03-18 16:26:55+00:00| seen| https://t.me/ctinow/210708 2024-03-18 19:06:23+00:00| seen| https://t.me/ctinow/210849 2025-02-13 19:16:36+00:00| published-proof-of-concept|...
africa.absa:inception-api (>=1.0.0 <=1.2.0), africa.absa:inception-codes-api (>=1.0.0 <=1.2.0) +9255 more potentially affected by CVE-2024-22257 via org.springframework.security:spring-security-core (>=2.0.0 <=5.7.11)
org.springframework.security:spring-security-core MAVEN version =2.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =4.4.0.0, =0.1.8, =0.1.6, =0.1.7 and more Source cves: CVE-2024-22257 Source advisory: OSV:GHSA-F3JH-QVM4-MG39...
cn.sparrowmini:sparrow-org-service (=0.0.1), cn.sparrowmini:sparrow-pem-service (=0.0.1) +435 more potentially affected by CVE-2024-22257 via org.springframework.security:spring-security-core (>=5.8.0 <=5.8.10)
org.springframework.security:spring-security-core MAVEN version =5.8.0, =1.48.0, =1.48.0, =1.48.0, =2.4.0, =2.4.0, =2.4.0, =3.7.0, =3.7.0, =3.7.0, =3.7.0, =1.3.1, =1.3.2 - com.gitlab.summer-cattle:cattle-addons-wechat-starter =0.0.5 - com.gitlab.summer-cattle:cattle-commons-web-mvc =0.0.6 and mor...
be.jidoka:jdk-keycloak-admin (>=2.0.0 <=2.2.0), be.personify.iam:personify-frontend (>=1.5.1.RELEASE <=1.5.2.RELEASE) +1607 more potentially affected by CVE-2024-22257 via org.springframework.security:spring-security-core (>=6.0.0 <=6.1.7)
org.springframework.security:spring-security-core MAVEN version =6.0.0, =2.0.0, =1.5.1.RELEASE, =1.1.0, =1.1.0, =1.1.4.2, =1.1.5 - cc.vihackerframework:vihacker-auth-starter =1.0.8.R - cc.vihackerframework:vihacker-common-starter =1.0.8.R - cc.vihackerframework:vihacker-log-starter =1.0.8.R -...
CVE-2024-22257 vulnerabilities
Vulnerabilities for packages: jenkins...
CVE-2024-22257 vulnerabilities
Vulnerabilities for packages: kayenta, kayenta-fips...
CVE-2024-22257
CVE-2024-22257 refers to a broken access control in Spring Security where an application vulnerable if it directly uses AuthenticatedVoter.vote with a null Authentication. The entry lists affected versions: 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, 6.0.x prior to 6.0.9, 6.1.x prior to 6.1.8, ...