
1888 matches found

IBM Security Bulletins
added 2018/06/16 9:50 p.m. | 47 views

Security Bulletin: Pivotal Spring Framework as used in IBM QRadar SIEM is vulnerable to various CVE's

Summary OpenSource Pivotal Spring Framework as used in IBM QRadar is susceptible to several vulnerabilities. Vulnerability Details CVEID: CVE-2013-7315 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection X...

6.8 CVSS | 1.1 AI score | 0.91354 EPSS
Exploits 7 | Affected Software 1

IBM Security Bulletins
added 2018/06/16 9:50 p.m. | 35 views

Security Bulletin: OpenSource GoPivotal Spring Framework Vulnerabilities affect IBM Security Guardium (CVE-2014-3578, CVE-2014-3625)

Summary Pivotal Spring Framework could allow a remote attacker to traverse directories on the system. IBM Security Guardium addressed these issues. Vulnerability Details CVEID: CVE-2014-3578 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to traverse directories on the system. ...

5 CVSS | 2 AI score | 0.1005 EPSS
Exploits 5 | Affected Software 1

IBM Security Bulletins
added 2018/06/16 9:50 p.m. | 43 views

Security Bulletin: OpenSource Spring Source/Pivotal Spring Framework Vulnerabilities affect IBM Security Guardium (CVE-2013-7315, CVE-2013-4152, CVE-2014-0054)

Summary Pivotal Spring Framework could allow a remote attacker to obtain sensitive information. Vulnerability Details CVEID: CVE-2013-7315 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection XXE error when...

6.8 CVSS | 1.1 AI score | 0.91354 EPSS
Exploits 2 | Affected Software 1

OSV
added 2018/06/11 5:29 p.m. | 5 views

CVE-2017-3203

The Java implementations of AMF3 deserializers in Pivotal/Spring Spring-flex derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may b...

8.1 CVSS | 6 AI score
Exploits 0 | References 4

RedHat Linux
added 2018/06/07 8:25 a.m. | 2 views

spring-framework: ReDoS Attack with spring-messaging

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

6.5 CVSS | 7.2 AI score | 0.03279 EPSS
Exploits 0 | References 4

RedhatCVE
added 2018/05/15 10:48 p.m. | 36 views

CVE-2018-1258

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted...

8.8 CVSS | 3.8 AI score | 0.02427 EPSS
Exploits 0 | References 1

RedhatCVE
added 2018/05/15 10:19 p.m. | 26 views

CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

6.5 CVSS | 5.2 AI score | 0.03279 EPSS
Exploits 0 | References 1

CNVD
added 2018/05/15 12:0 a.m. | 2 views

Pivotal Spring Framework Denial of Service Vulnerability

Pivotal Spring Framework is an open source Java and Java EE application framework from Pivotal Software in the United States. The framework helps developers build high-quality applications. A security vulnerability exists in Pivotal Spring Framework versions 5.0.x prior to 5.0.6, 4.3.x prior to 4.3.1...

6.5 CVSS | 6.7 AI score | 0.03279 EPSS
Exploits 0 | References 1

CNVD
added 2018/05/15 12:0 a.m. | 4 views

Pivotal Spring Security and Spring Framework Elevation of Privilege Vulnerability

Pivotal Spring Security and Spring Framework are both products of Pivotal Software, Inc. Pivotal Spring Security is a set of security frameworks that provide illustrative security protection for Spring-based applications. Spring Framework is a set of open source Java, Java EE...

8.8 CVSS | 6.9 AI score | 0.02427 EPSS
Exploits 0 | References 1

UbuntuCve
added 2018/05/11 8:29 p.m. | 55 views

CVE-2018-1258

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted...

8.8 CVSS | 6.8 AI score | 0.02427 EPSS
Exploits 0 | References 2

Prion
added 2018/05/11 8:29 p.m. | 27 views

Authorization

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted...

6.5 CVSS | 9.1 AI score | 0.02427 EPSS
Exploits 0 | References 16 | Affected Software 37

Prion
added 2018/05/11 8:29 p.m. | 20 views

Code injection

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

4 CVSS | 7.5 AI score | 0.03279 EPSS
Exploits 0 | References 11 | Affected Software 29

NVD
added 2018/05/11 8:29 p.m. | 23 views

CVE-2018-1258

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted...

8.8 CVSS | 8.7 AI score | 0.02427 EPSS
Exploits 0 | References 16

NVD
added 2018/05/11 8:29 p.m. | 28 views

CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

6.5 CVSS | 6.5 AI score | 0.03279 EPSS
Exploits 0 | References 11

UbuntuCve
added 2018/05/11 8:29 p.m. | 31 views

CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

6.5 CVSS | 6.8 AI score | 0.03279 EPSS
Exploits 0 | References 2

OSV
added 2018/05/11 8:29 p.m. | 21 views

CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

6.5 CVSS | 6.6 AI score | 0.03279 EPSS
Exploits 0 | References 11

OSV
added 2018/05/11 8:29 p.m. | 5 views

CVE-2018-1258

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted...

8.8 CVSS | 8.7 AI score | 0.02427 EPSS
Exploits 0 | References 16

OSV
added 2018/05/11 8:29 p.m. | 2 views

UBUNTU-CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

6.5 CVSS | 6.7 AI score | 0.03279 EPSS
Exploits 0 | References 3

OSV
added 2018/05/11 8:29 p.m. | 3 views

DEBIAN-CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

6.5 CVSS | 6.7 AI score | 0.03279 EPSS
Exploits 0 | References 1

Cvelist
added 2018/05/11 8:0 p.m. | 34 views

CVE-2018-1258

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted...

9.2 AI score | 0.02427 EPSS
Exploits 0 | References 16