28 matches found
SSRF (Server-Side Request Forgery) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2024-22259
This High severity vulnerability known as CVE-2024-22259 was introduced in 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.3.4, 8.4.0, 8.4.1, 8.4.2, 8.4.3, 8.4.4, 8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.5.4, 8.6.0, 8.6.1, 8.6.2, 8.6.3, 8.6.4, 8.7.0, 8.7.1, 8.7.2, 8.7.3, 8.7.4, 8.8.0, 8.8.1, 8.8.2, 8.8.3, 8.8.4, 8.8.5, 8.9.0...
Security Bulletin: spring-web-5.3.30.jar may affect SPSS Collaboration and Deployment Services (CVE-2024-22259)
Summary spring-web-5.3.30.jar may affect SPSS Collaboration and Deployment Services CVE-2024-22259 Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in...
Security Bulletin: Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2024-22259, CVE-2024-22243, CVE-2024-22262).
Summary Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager CVE-2024-22259, CVE-2024-22243, CVE-2024-22262. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote...
Oracle Identity Manager (Jul 2024 CPU)
The 12.2.1.4.0 versions of Identity Manager installed on the remote host are affected by a vilnerabilitys as referenced in the July 2024 CPU advisory. - Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware component: Third Party Spring Framework. The supported version...
SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Crowd Data Center and Server
This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 5.1.0, 5.2.0, and 5.3.0 of Crowd Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
Atlassian Confluence 1.0.1 < 7.19.24 / 7.20.x < 8.5.11 / 8.6.x < 8.9.3 (CONFSERVER-95973)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95973 advisory. - Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the...
SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Bamboo Data Center and Server
This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...
RHEL 6 : springframework (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - springframework: URL Parsing with Host Validation CVE-2024-22259 Note that Nessus has not tested for this issue but...
Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.12.0 release and security update
Red Hat AMQ Broker 7.12.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Bitbucket Data Center and Server
This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0-eap01, 8.15.0, 8.16.0, 8.17.0, 8.18.0, and 8.19.0 of Bitbucket Data Center and Server...
Security Bulletin: VMware Tanzu Spring Framework is vulnerable to multiple security CVEs used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses VMWare Tanzu Spring Framework which is vulnerable to multiple security CVEs. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framewo...
Spring Framework URL Parsing with Host Validation
Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is...
VMware Spring Boot < 2.7.20.1, 3.0.x < 3.0.15.1, 3.1.x < 3.1.10, 3.2.x < 3.2.4 SSRF Vulnerability - Windows
VMware Spring Boot is prone to a server-side request forgery SSRF in the used Spring Framework. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
VMware Spring Boot < 2.7.20.1, 3.0.x < 3.0.15.1, 3.1.x < 3.1.10, 3.2.x < 3.2.4 SSRF Vulnerability - Linux
VMware Spring Boot is prone to a server-side request forgery SSRF in the used Spring Framework. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2024-22259
A vulnerability was found in Spring Framework. Affected versions of this package are vulnerable to an Open Redirect when using UriComponentsBuilder to parse an externally provided URL and perform validation checks on the host of the parsed URL...
ai.optfor:spring-openai-api (>=0.1 <=0.3.25), am.ik.s3:simple-s3-client (>=0.1.0 <=0.1.1) +3846 more potentially affected by CVE-2024-22259 via org.springframework:spring-web (>=6.0.0 <=6.0.17)
org.springframework:spring-web MAVEN version =6.0.0, =0.1, =0.1.0, =0.2.3, =0.2.3, =4.0.0, =1.5.0.RELEASE, =1.5.1.RELEASE, =1.5.0.RELEASE, =2.1.0.RELEASE, =1.5.0.RELEASE, =1.5.2.RELEASE - be.tomcools:rickroll-security-spring-boot-starter =3.1.1 -...
ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0), ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.1.1 <=0.112.0) +8250 more potentially affected by CVE-2024-22259 via org.springframework:spring-web (>=6.1.0 <=6.1.4)
org.springframework:spring-web MAVEN version =6.1.0, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.5.0, =0.6.0, =0.6.0, =0.5.0, =0.6.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.8.7 and more Source cves: CVE-2024-22259 Source advisory: OSV:GHSA-HGJH-9RJ2-G67J...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +36815 more potentially affected by CVE-2024-22259 via org.springframework:spring-web (>=1.2.1 <=5.3.32)
org.springframework:spring-web MAVEN version =1.2.1, =1.1, =0.0.1, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.2.0 and more Source cves: CVE-2024-22259 Source advisory: OSV:GHSA-HGJH-9RJ2-G67J...
CVE-2024-22259 vulnerabilities
Vulnerabilities for packages: jenkins...