Lucene search
K

30 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/03/28 8:28 p.m.6 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to security annotations on parameterized types or methods. This may cause an authorization bypass.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to security annotations on parameterized types or methods. This may cause an authorization bypass. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

5.3CVSS6.7AI score0.00485EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2025/03/24 6:31 p.m.34 views

Spring Security Vulnerable to Authorization Bypass via Security Annotations

Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass. You are not affected if you are not using @EnableMethodSecurity, or you do not have method security annotations on parameterized types or...

5.3CVSS7.2AI score0.00485EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/03/24 6:31 p.m.1 views

GHSA-HH3M-G4QJ-4835 Spring Security Vulnerable to Authorization Bypass via Security Annotations

Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass. You are not affected if you are not using @EnableMethodSecurity, or you do not have method security annotations on parameterized types or...

5.3CVSS5.9AI score0.00485EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/24 5:42 p.m.10 views

CVE-2025-22223

Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass. You are not affected if you are not using @EnableMethodSecurity, or you do not have method security annotations on parameterized types or...

5.3CVSS7.2AI score0.00485EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/24 5:42 p.m.38 views

CVE-2025-22223

Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass. You are not affected if you are not using @EnableMethodSecurity, or you do not have method security annotations on parameterized types or...

5.3CVSS0.00485EPSS
Exploits0References1
Veracode
Veracode
added 2024/08/21 7:4 a.m.12 views

Improper Authorization

org.springframework.security, spring-security-core is vulnerable to Improper Authorization. The vulnerability is caused due to a missing Authorization when using @AuthorizeReturnObject. This allows attacker to render security annotations inaffective...

7.5CVSS6.7AI score0.00432EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2024/08/20 6:31 a.m.18 views

Spring Security Missing Authorization vulnerability

Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective...

7.5CVSS6.8AI score0.00432EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/08/20 6:31 a.m.3 views

GHSA-HMQF-WPQ9-JQ83 Spring Security Missing Authorization vulnerability

Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective...

6.9CVSS5.9AI score0.00432EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/08/20 12:0 a.m.5 views

Spring Security 安全漏洞

VMware Spring Security is a set of security frameworks from VMware that provide illustrative security for Spring-based applications. A security vulnerability exists in Spring Security versions 6.3.0 and 6.3.1, which stems from a lack of authorization when using @AuthorizeReturnObject, and allows ...

7.5CVSS6.4AI score0.00432EPSS
Exploits0References3
OSV
OSV
added 2022/12/05 11:8 p.m.25 views

GHSA-X45C-CVP8-Q4FM Capsule vulnerable to privilege escalation by ServiceAccount deployed in a Tenant Namespace

Capsule implements a multi-tenant and policy-based environment in a Kubernetes cluster. A ServiceAccount deployed in a Tenant Namespace, when granted with PATCH capabilities on its own Namespace, is able to edit it and remove the Owner Reference, breaking the reconciliation of the Capsule Operato...

8.8CVSS8.6AI score0.00861EPSS
Exploits0References6
Rows per page
Query Builder