Lucene search
+L

28 matches found

Atlassian
Atlassian
added 2025/11/14 6:28 a.m.17 views

SSRF (Server-Side Request Forgery) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2024-22259

This High severity vulnerability known as CVE-2024-22259 was introduced in 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.3.4, 8.4.0, 8.4.1, 8.4.2, 8.4.3, 8.4.4, 8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.5.4, 8.6.0, 8.6.1, 8.6.2, 8.6.3, 8.6.4, 8.7.0, 8.7.1, 8.7.2, 8.7.3, 8.7.4, 8.8.0, 8.8.1, 8.8.2, 8.8.3, 8.8.4, 8.8.5, 8.9.0...

8.1CVSS6.8AI score0.02573EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/05 12:58 a.m.50 views

Security Bulletin: spring-web-5.3.30.jar may affect SPSS Collaboration and Deployment Services (CVE-2024-22259)

Summary spring-web-5.3.30.jar may affect SPSS Collaboration and Deployment Services CVE-2024-22259 Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in...

8.1CVSS6.2AI score0.03967EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/26 8:24 a.m.60 views

Security Bulletin: Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2024-22259, CVE-2024-22243, CVE-2024-22262).

Summary Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager CVE-2024-22259, CVE-2024-22243, CVE-2024-22262. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote...

8.1CVSS8.2AI score0.03967EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/07/18 12:0 a.m.32 views

Oracle Identity Manager (Jul 2024 CPU)

The 12.2.1.4.0 versions of Identity Manager installed on the remote host are affected by a vilnerabilitys as referenced in the July 2024 CPU advisory. - Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware component: Third Party Spring Framework. The supported version...

8.1CVSS6.5AI score0.02573EPSS
Exploits1References2
Atlassian
Atlassian
added 2024/07/11 7:10 a.m.51 views

SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Crowd Data Center and Server

This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 5.1.0, 5.2.0, and 5.3.0 of Crowd Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...

8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/06/27 12:0 a.m.39 views

Atlassian Confluence 1.0.1 < 7.19.24 / 7.20.x < 8.5.11 / 8.6.x < 8.9.3 (CONFSERVER-95973)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95973 advisory. - Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the...

8.1CVSS6.4AI score0.03967EPSS
Exploits2References2
Atlassian
Atlassian
added 2024/06/20 8:14 a.m.48 views

SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Bamboo Data Center and Server

This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...

6.6AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/17 8:14 p.m.49 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

8.2CVSS9.5AI score0.02573EPSS
Exploits5Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.33 views

RHEL 6 : springframework (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - springframework: URL Parsing with Host Validation CVE-2024-22259 Note that Nessus has not tested for this issue but...

8.1CVSS8.1AI score0.02573EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2024/05/21 2:18 p.m.109 views

Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.12.0 release and security update

Red Hat AMQ Broker 7.12.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.1CVSS6.6AI score0.8581EPSS
Exploits4References14
Atlassian
Atlassian
added 2024/05/10 10:10 a.m.68 views

SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Bitbucket Data Center and Server

This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0-eap01, 8.15.0, 8.16.0, 8.17.0, 8.18.0, and 8.19.0 of Bitbucket Data Center and Server...

7.8AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/06 4:53 p.m.49 views

Security Bulletin: VMware Tanzu Spring Framework is vulnerable to multiple security CVEs used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses VMWare Tanzu Spring Framework which is vulnerable to multiple security CVEs. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framewo...

9.8CVSS8.8AI score0.32257EPSS
Exploits6Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/16 6:30 a.m.646 views

Spring Framework URL Parsing with Host Validation

Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is...

8.1CVSS6AI score0.01191EPSS
Exploits2References5Affected Software1
OpenVAS
OpenVAS
added 2024/03/18 12:0 a.m.62 views

VMware Spring Boot < 2.7.20.1, 3.0.x < 3.0.15.1, 3.1.x < 3.1.10, 3.2.x < 3.2.4 SSRF Vulnerability - Windows

VMware Spring Boot is prone to a server-side request forgery SSRF in the used Spring Framework. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

8.1CVSS6.5AI score0.02573EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2024/03/18 12:0 a.m.84 views

VMware Spring Boot < 2.7.20.1, 3.0.x < 3.0.15.1, 3.1.x < 3.1.10, 3.2.x < 3.2.4 SSRF Vulnerability - Linux

VMware Spring Boot is prone to a server-side request forgery SSRF in the used Spring Framework. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

8.1CVSS6.5AI score0.02573EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2024/03/16 6:46 p.m.92 views

CVE-2024-22259

A vulnerability was found in Spring Framework. Affected versions of this package are vulnerable to an Open Redirect when using UriComponentsBuilder to parse an externally provided URL and perform validation checks on the host of the parsed URL...

8.1CVSS7.8AI score0.02573EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2024/03/16 6:30 a.m.4 views

ai.optfor:spring-openai-api (>=0.1 <=0.3.25), am.ik.s3:simple-s3-client (>=0.1.0 <=0.1.1) +3846 more potentially affected by CVE-2024-22259 via org.springframework:spring-web (>=6.0.0 <=6.0.17)

org.springframework:spring-web MAVEN version =6.0.0, =0.1, =0.1.0, =0.2.3, =0.2.3, =4.0.0, =1.5.0.RELEASE, =1.5.1.RELEASE, =1.5.0.RELEASE, =2.1.0.RELEASE, =1.5.0.RELEASE, =1.5.2.RELEASE - be.tomcools:rickroll-security-spring-boot-starter =3.1.1 -...

8.1CVSS6.6AI score0.02573EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/03/16 6:30 a.m.15 views

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0), ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.1.1 <=0.112.0) +8250 more potentially affected by CVE-2024-22259 via org.springframework:spring-web (>=6.1.0 <=6.1.4)

org.springframework:spring-web MAVEN version =6.1.0, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.5.0, =0.6.0, =0.6.0, =0.5.0, =0.6.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.8.7 and more Source cves: CVE-2024-22259 Source advisory: OSV:GHSA-HGJH-9RJ2-G67J...

8.1CVSS6.6AI score0.02573EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/03/16 6:30 a.m.20 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +36815 more potentially affected by CVE-2024-22259 via org.springframework:spring-web (>=1.2.1 <=5.3.32)

org.springframework:spring-web MAVEN version =1.2.1, =1.1, =0.0.1, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.2.0 and more Source cves: CVE-2024-22259 Source advisory: OSV:GHSA-HGJH-9RJ2-G67J...

8.1CVSS6.6AI score0.02573EPSS
Exploits1
Wolfi
Wolfi
added 2024/03/16 5:15 a.m.86 views

CVE-2024-22259 vulnerabilities

Vulnerabilities for packages: jenkins...

8.1CVSS7.2AI score0.02573EPSS
Exploits1
Rows per page
Query Builder