Lucene search
+L

20 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/04/22 4:28 p.m.6 views

Security Bulletin: IBM Guardium Data Protection is affected by a spring-security-config-5.8.14.jar vulnerability (CVE-2024-38827)

Summary IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2024-38827 DESCRIPTION: The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working...

4.8CVSS7.1AI score0.00385EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 8:27 p.m.7 views

Security Bulletin: vulerability in IBM Spectrum Symphony with spring security

Summary vulerability in IBM Spectrum Symphony with spring security Vulnerability Details CVEID:CVE-2024-38827 DESCRIPTION: The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly...

4.8CVSS6.6AI score0.00385EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/10 8:57 a.m.8 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-security-core-5.8.5.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-security-core-5.8.5.jar Vulnerability Details CVEID:CVE-2024-38827 DESCRIPTION: The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in...

4.8CVSS6.5AI score0.00385EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 10:28 p.m.7 views

Security Bulletin: Security Vulnerability in Authorization Rules in Spring Security Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2024-38827)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Spring Security Vulnerability Details CVEID:CVE-2024-38827 DESCRIPTION: The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially...

4.8CVSS6.7AI score0.00385EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/03 11:35 a.m.27 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide...

8.1CVSS10AI score0.13204EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/01 7:50 p.m.9 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to an authorization bypass in VMware Tanzu Spring [CVE-2024-38827]

Summary IBM Watson Speech Services Cartridge is vulnerable to an authorization bypass in VMware Tanzu Spring, due to Locale dependent exceptions in the usage of usage of String.toLowerCase and String.toUpperCase CVE-2024-38827. VMware Tanzu Spring is used in our Speech microservices. This...

4.8CVSS6.2AI score0.00385EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/07 8:9 a.m.21 views

Security Bulletin: The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly affects watsonx.data

Summary The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly. Hense could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38827 DESCRIPTION: The usage of String.toLowerCase a...

4.8CVSS6.2AI score0.00385EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/20 5:58 a.m.17 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-38827 spring-boot-starter-security-3.3.5.jar: 1 vulnerabilities CVE-2024-38827

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-38827 spring-boot-starter-security-3.3.5.jar: 1 vulnerabilities CVE-2024-38827. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38827...

4.8CVSS6.4AI score0.00385EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/14 5:58 a.m.20 views

Security Bulletin: IBM Operational Decision Manager for Jan 2025 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-51504...

9.1CVSS7.9AI score0.01726EPSS
Exploits3Affected Software1
RedhatCVE
RedhatCVE
added 2024/12/02 9:20 p.m.27 views

CVE-2024-38827

The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly...

4.8CVSS6.7AI score0.00385EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2024/12/02 3:31 p.m.8 views

app.valuationcontrol:library (>=0.5.2 <=0.5.6), app.valuationcontrol:webservice (>=0.5.0 <=0.5.1) +2211 more potentially affected by CVE-2024-38827 via org.springframework.security:spring-security-core (>=6.2.0 <=6.2.7)

org.springframework.security:spring-security-core MAVEN version =6.2.0, =0.5.2, =0.5.0, =7.0.0, =1.0.0, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.6, =1.0.31 and more Source cves: CVE-2024-38827 Source advisory: OSV:GHSA-Q3V6-HM2V-PW99...

4.8CVSS6.6AI score0.00385EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/12/02 3:31 p.m.7 views

ai.langsa:ccaas-starter (>=cloud-0.1 <=cloud-0.3), ai.langsa:pom-ccaas-langsa (=0.1) +2397 more potentially affected by CVE-2024-38827 via org.springframework.security:spring-security-core (>=6.3.0 <=6.3.4)

org.springframework.security:spring-security-core MAVEN version =6.3.0, =cloud-0.1, =1.3.0, =1.0.0, =1.0.0, =0.0.1, =1.0.42, =1.0.45 and more Source cves: CVE-2024-38827 Source advisory: OSV:GHSA-Q3V6-HM2V-PW99...

4.8CVSS6.6AI score0.00385EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/12/02 3:31 p.m.8 views

be.personify.iam:personify-frontend (>=1.5.1.RELEASE <=1.5.2.RELEASE), br.com.nitertech:jwt (>=1.1.4.2 <=1.1.5) +723 more potentially affected by CVE-2024-38827 via org.springframework.security:spring-security-core (>=6.1.0 <=6.1.1)

org.springframework.security:spring-security-core MAVEN version =6.1.0, =1.5.1.RELEASE, =1.1.4.2, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.5 and more Source cves: CVE-2024-38827 Source advisory: OSV:GHSA-Q3V6-HM2V-PW99...

4.8CVSS6.7AI score0.00385EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/12/02 3:31 p.m.8 views

cc.chensoul.nacos:nacos-distribution (=2.5.2), cn.sparrowmini:sparrow-org-service (=0.0.1) +606 more potentially affected by CVE-2024-38827 via org.springframework.security:spring-security-core (>=5.8.0 <=5.8.15)

org.springframework.security:spring-security-core MAVEN version =5.8.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =1.48.0, =1.48.0, =1.48.0, =2.4.0, =2.4.0, =2.4.0, =2.6.0 and more Source cves: CVE-2024-38827 Source advisory: OSV:GHSA-Q3V6-HM2V-PW99...

4.8CVSS6.7AI score0.00385EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/12/02 3:31 p.m.9 views

africa.absa:inception-api (>=1.0.0 <=1.2.0), africa.absa:inception-codes-api (>=1.0.0 <=1.2.0) +9317 more potentially affected by CVE-2024-38827 via org.springframework.security:spring-security-core (>=2.0.0 <=5.7.13)

org.springframework.security:spring-security-core MAVEN version =2.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =4.4.0.0, =0.1.8, =0.1.6, =0.1.7 and more Source cves: CVE-2024-38827 Source advisory: OSV:GHSA-Q3V6-HM2V-PW99...

4.8CVSS6.6AI score0.00385EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/12/02 3:31 p.m.13 views

be.jidoka:jdk-keycloak-admin (=2.0.0), br.com.devires.framework.boot:devires-framework-boot-audit (=1.1.0) +694 more potentially affected by CVE-2024-38827 via org.springframework.security:spring-security-core (>=6.0.0 <=6.0.1)

org.springframework.security:spring-security-core MAVEN version =6.0.0, =1.1.0, =1.1.0, =0.12.0, =0.12.0, =0.12.0, =0.13.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =2023.0.0.2-alpha.1, =2023.0.0.2-alpha.2 and more Source cves: CVE-2024-38827 Source advisory:...

4.8CVSS6.7AI score0.00385EPSS
Exploits0
Chainguard
Chainguard
added 2024/12/02 3:15 p.m.25 views

CVE-2024-38827 vulnerabilities

Vulnerabilities for packages: jenkins, thingsboard...

4.8CVSS6.2AI score0.00385EPSS
Exploits0
Wolfi
Wolfi
added 2024/12/02 3:15 p.m.20 views

CVE-2024-38827 vulnerabilities

Vulnerabilities for packages: thingsboard...

4.8CVSS7.2AI score0.00385EPSS
Exploits0
CVE
CVE
added 2024/12/02 2:32 p.m.347 views

CVE-2024-38827

CVE-2024-38827 (IBM Controller) is described as a locale-dependent issue in String.toLowerCase()/toUpperCase() that could cause authorization rules to bypass. Affected product/version: IBM Controller 11.1.0–11.1.1. Remediation: upgrade to IBM Controller 11.1.2 (per IBM bulletin). Connected docs p...

4.8CVSS5.2AI score0.00385EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/02 2:32 p.m.56 views

CVE-2024-38827 Spring Security Authorization Bypass for Case Sensitive Comparisons

The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly...

4.8CVSS0.00385EPSS
Exploits0References1
Rows per page
Query Builder