36 matches found
Security Bulletin: IBM Sterling Control Center is affected by a vulnerability in spring-security-core-6.4.5.jar (CVE-2025-41232)
Summary: IBM Sterling Control Center is affected by a vulnerability CVE-2025-41232 in spring-security-core-6.4.5.jar. Vulnerability Details: CVEID: CVE-2025-41232 DESCRIPTION: Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an...
EUVD-2022-4059
Malicious code in bioql PyPI...
EUVD-2025-15999
Malicious code in bioql PyPI...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-security-core-6.4.5.jar
Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-security-core-6.4.5.jar. Vulnerability Details: CVEID: CVE-2025-41232 DESCRIPTION: Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass...
GHSA-9PP5-9C7G-4R83 Spring Security authorization bypass for method security annotations on private methods
Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecurity(mode=ASPECTJ) and spring-security-aspects, and You have...
Spring Security authorization bypass for method security annotations on private methods
Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecurity(mode=ASPECTJ) and spring-security-aspects, and You have...
CVE-2025-41232
Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecurity(mode=ASPECTJ) and spring-security-aspects, and You have...
CVE-2025-41232
Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecurity(mode=ASPECTJ) and spring-security-aspects, and You have...
CVE-2025-41232 CVE-2025-41232: Spring Security authorization bypass for method security annotations on private methods
Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecurity(mode=ASPECTJ) and spring-security-aspects, and You have...
CVE-2025-41232 CVE-2025-41232: Spring Security authorization bypass for method security annotations on private methods
Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecurity(mode=ASPECTJ) and spring-security-aspects, and You have...
CVE-2025-41232
CVE-2025-41232 affects multiple IBM and Spring-based products where Spring Security Aspects may fail to locate method security annotations on private methods, enabling potential authorization bypass when using @EnableMethodSecurity(mode=ASPECTJ) with spring-security-aspects and private annotated ...
VMware Spring Security security vulnerability
VMware Spring Security is a set of security frameworks from VMware, Inc. that provide illustrative security protection for Spring-based applications. A security vulnerability exists in VMware Spring Security versions 6.4.0 through 6.4.5 that stems from not properly locating security annotations o...
PT-2025-22336 · Spring · Spring Security Aspects
Name of the Vulnerable Software and Affected Versions: Spring Security Aspects affected versions not specified Description: The issue concerns Spring Security Aspects not correctly locating method security annotations on private methods, potentially causing an authorization bypass. This can affec...
OESA-2025-1092 infinispan security update
Infinispan is an extremely scalable, highly available data grid platform - 100% open source, and written in Java. The purpose of Infinispan is to expose a data structure that is highly concurrent, designed ground-up to make the most of modern multi-processor/multi-core architectures while at the...
MAL-2024-9768 Malicious code in plugin-transform-private-methods (npm)
Malicious code in plugin-transform-private-methods (npm)
golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
A flaw was found in the Go language standard library net/netip. The Is methods (IsPrivate, IsPublic, etc.) don't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to...
infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...
golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
A flaw was found in the Go language standard library net/netip. The Is methods (IsPrivate, IsPublic, etc.) don't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to...
OESA-2024-1667 infinispan security update
Infinispan is an extremely scalable, highly available data grid platform - 100% open source, and written in Java. The purpose of Infinispan is to expose a data structure that is highly concurrent, designed ground-up to make the most of modern multi-processor/multi-core architectures while at the...