20 matches found
Security Bulletin: IBM Guardium Data Protection is affected by a spring-security-config-5.8.14.jar vulnerability (CVE-2024-38827)
Summary IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2024-38827 DESCRIPTION: The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working...
Security Bulletin: vulerability in IBM Spectrum Symphony with spring security
Summary vulerability in IBM Spectrum Symphony with spring security Vulnerability Details CVEID:CVE-2024-38827 DESCRIPTION: The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-security-core-5.8.5.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-security-core-5.8.5.jar Vulnerability Details CVEID:CVE-2024-38827 DESCRIPTION: The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in...
Security Bulletin: Security Vulnerability in Authorization Rules in Spring Security Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2024-38827)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Spring Security Vulnerability Details CVEID:CVE-2024-38827 DESCRIPTION: The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially...
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide...
Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to an authorization bypass in VMware Tanzu Spring [CVE-2024-38827]
Summary IBM Watson Speech Services Cartridge is vulnerable to an authorization bypass in VMware Tanzu Spring, due to Locale dependent exceptions in the usage of usage of String.toLowerCase and String.toUpperCase CVE-2024-38827. VMware Tanzu Spring is used in our Speech microservices. This...
Security Bulletin: The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly affects watsonx.data
Summary The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly. Hense could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38827 DESCRIPTION: The usage of String.toLowerCase a...
Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-38827 spring-boot-starter-security-3.3.5.jar: 1 vulnerabilities CVE-2024-38827
Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-38827 spring-boot-starter-security-3.3.5.jar: 1 vulnerabilities CVE-2024-38827. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38827...
Security Bulletin: IBM Operational Decision Manager for Jan 2025 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-51504...
CVE-2024-38827
The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly...
app.valuationcontrol:library (>=0.5.2 <=0.5.6), app.valuationcontrol:webservice (>=0.5.0 <=0.5.1) +2211 more potentially affected by CVE-2024-38827 via org.springframework.security:spring-security-core (>=6.2.0 <=6.2.7)
org.springframework.security:spring-security-core MAVEN version =6.2.0, =0.5.2, =0.5.0, =7.0.0, =1.0.0, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.6, =1.0.31 and more Source cves: CVE-2024-38827 Source advisory: OSV:GHSA-Q3V6-HM2V-PW99...
ai.langsa:ccaas-starter (>=cloud-0.1 <=cloud-0.3), ai.langsa:pom-ccaas-langsa (=0.1) +2397 more potentially affected by CVE-2024-38827 via org.springframework.security:spring-security-core (>=6.3.0 <=6.3.4)
org.springframework.security:spring-security-core MAVEN version =6.3.0, =cloud-0.1, =1.3.0, =1.0.0, =1.0.0, =0.0.1, =1.0.42, =1.0.45 and more Source cves: CVE-2024-38827 Source advisory: OSV:GHSA-Q3V6-HM2V-PW99...
be.personify.iam:personify-frontend (>=1.5.1.RELEASE <=1.5.2.RELEASE), br.com.nitertech:jwt (>=1.1.4.2 <=1.1.5) +723 more potentially affected by CVE-2024-38827 via org.springframework.security:spring-security-core (>=6.1.0 <=6.1.1)
org.springframework.security:spring-security-core MAVEN version =6.1.0, =1.5.1.RELEASE, =1.1.4.2, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.5 and more Source cves: CVE-2024-38827 Source advisory: OSV:GHSA-Q3V6-HM2V-PW99...
cc.chensoul.nacos:nacos-distribution (=2.5.2), cn.sparrowmini:sparrow-org-service (=0.0.1) +606 more potentially affected by CVE-2024-38827 via org.springframework.security:spring-security-core (>=5.8.0 <=5.8.15)
org.springframework.security:spring-security-core MAVEN version =5.8.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =1.48.0, =1.48.0, =1.48.0, =2.4.0, =2.4.0, =2.4.0, =2.6.0 and more Source cves: CVE-2024-38827 Source advisory: OSV:GHSA-Q3V6-HM2V-PW99...
africa.absa:inception-api (>=1.0.0 <=1.2.0), africa.absa:inception-codes-api (>=1.0.0 <=1.2.0) +9317 more potentially affected by CVE-2024-38827 via org.springframework.security:spring-security-core (>=2.0.0 <=5.7.13)
org.springframework.security:spring-security-core MAVEN version =2.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =4.4.0.0, =0.1.8, =0.1.6, =0.1.7 and more Source cves: CVE-2024-38827 Source advisory: OSV:GHSA-Q3V6-HM2V-PW99...
be.jidoka:jdk-keycloak-admin (=2.0.0), br.com.devires.framework.boot:devires-framework-boot-audit (=1.1.0) +694 more potentially affected by CVE-2024-38827 via org.springframework.security:spring-security-core (>=6.0.0 <=6.0.1)
org.springframework.security:spring-security-core MAVEN version =6.0.0, =1.1.0, =1.1.0, =0.12.0, =0.12.0, =0.12.0, =0.13.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =2023.0.0.2-alpha.1, =2023.0.0.2-alpha.2 and more Source cves: CVE-2024-38827 Source advisory:...
CVE-2024-38827 vulnerabilities
Vulnerabilities for packages: jenkins, thingsboard...
CVE-2024-38827 vulnerabilities
Vulnerabilities for packages: thingsboard...
CVE-2024-38827
CVE-2024-38827 (IBM Controller) is described as a locale-dependent issue in String.toLowerCase()/toUpperCase() that could cause authorization rules to bypass. Affected product/version: IBM Controller 11.1.0–11.1.1. Remediation: upgrade to IBM Controller 11.1.2 (per IBM bulletin). Connected docs p...
CVE-2024-38827 Spring Security Authorization Bypass for Case Sensitive Comparisons
The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly...