
1889 matches found

IBM Security Bulletins
added 2022/04/27 2:54 p.m. (124 views)

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data is affected by a remote code execution in Spring Framework (CVE-2022-22965)

Summary: IBM Watson Discovery for IBM Cloud Pak for Data is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR i...

CVSS 9.8 | AI score 1.2 | EPSS 0.99939
Exploits 131 | Affected Software 1

RedHat Linux
added 2022/04/27 9:46 a.m. (5 views)

spring-framework: RCE via Data Binding on JDK 9+

A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, transitively affected from Spring Beans, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters and possibly gain...

CVSS 9.8 | AI score 6.7 | EPSS 0.99677
Exploits 100 | References 10

RedHat Linux
added 2022/04/27 9:46 a.m. (11 views)

spring-framework: RCE via Data Binding on JDK 9+

A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, transitively affected from Spring Beans, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters and possibly gain...

CVSS 9.8 | AI score 6.7 | EPSS 0.99677
Exploits 100 | References 10

OpenVAS
added 2022/04/25 12:00 a.m. (7 views)

SUSE: Security Advisory (SUSE-SU-2022:1304-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits 0 | References 4

GithubExploit
added 2022/04/23 9:01 a.m. (442 views)

Exploit for Code Injection in Vmware Spring_Framework

:spaceinvader: CVE-2022-22965 This is a proof of concept of a...

CVSS 9.8 | AI score 8.9 | EPSS 0.99677
Exploits 100

OSV
added 2022/04/22 1:25 p.m. (3 views)

SUSE-SU-2022:1304-1 Security update for tomcat

This update for tomcat fixes the following issues: Security hardening, related to Spring Framework vulnerabilities: - Deprecate getResources and always return null bsc1198136...

AI score 7.2
Exploits 0 | References 2

IBM Security Bulletins
added 2022/04/22 11:43 a.m. (53 views)

Security Bulletin: Vulnerability exists for Spring Framework in Watson Explorer (CVE-2021-22060, CVE-2022-22965, CVE-2022-22950)

Summary: Security vulnerability in Spring Framework affects IBM Watson Explorer. IBM Watson Explorer has addressed this vulnerability. Vulnerability Details: CVEID: CVE-2021-22060 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote authenticated attacker to bypass security restrictions,...

CVSS 9.8 | AI score 0.8 | EPSS 0.99677
Exploits 100 | Affected Software 1

OpenVAS
added 2022/04/22 12:00 a.m. (11 views)

SUSE: Security Advisory (SUSE-SU-2022:1293-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits 0 | References 4

OpenVAS
added 2022/04/22 12:00 a.m. (7 views)

SUSE: Security Advisory (SUSE-SU-2022:1292-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits 0 | References 4

OpenVAS
added 2022/04/22 12:00 a.m. (11 views)

SUSE: Security Advisory (SUSE-SU-2022:1294-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits 0 | References 5

OSV
added 2022/04/21 1:59 p.m. (3 views)

SUSE-SU-2022:1294-1 Security update for tomcat

This update for tomcat fixes the following issues: - Remove the log4j dependency as it is not used by the tomcat package bsc1196137 Security hardening, related to Spring Framework vulnerabilities: - Deprecate getResources and always return null bsc1198136...

AI score 7.1
Exploits 0 | References 3

OSV
added 2022/04/21 12:59 p.m. (1 view)

SUSE-SU-2022:1293-1 Security update for tomcat

This update for tomcat fixes the following issues: Security hardening, related to Spring Framework vulnerabilities: - Deprecate getResources and always return null bsc1198136...

AI score 7.2
Exploits 0 | References 2

OSV
added 2022/04/21 12:58 p.m. (3 views)

SUSE-SU-2022:1292-1 Security update for tomcat

This update for tomcat fixes the following issues: Security hardening, related to Spring Framework vulnerabilities: - Deprecate getResources and always return null bsc1198136...

AI score 7.2
Exploits 0 | References 2

Tenable Nessus
added 2022/04/20 12:00 a.m. (103 views)

Oracle MySQL Enterprise Monitor (Apr 2022 CPU)

The version of MySQL Enterprise Monitor installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2022 CPU advisory. - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Apache Log4j)). Supported versions that...

CVSS 9.8 | AI score 6.8 | EPSS 0.99677
Exploits 130 | References 10

Spring Security Advisories
added 2022/04/19 7:00 p.m. (117 views)

This Week in Spring - April 19th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's been quite the week since we last talked! I flew to Atlanta, GA, for my first in-person show since the pandemic - Devnexus 2022. I loved the experience! Hopefully, the only souvenirs I'll have are the amazing memories and...

CVSS 5 | AI score 0.5 | EPSS 0.05413
Exploits 2

OpenVAS
added 2022/04/19 12:00 a.m. (35 views)

VMware Spring Boot < 2.5.13, 2.6.x < 2.6.7 Data Binding Rules Vulnerability

VMware Spring Boot is prone to a data binding rules vulnerability in the used Spring Framework. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 5.3 | AI score 5.9 | EPSS 0.05413
Exploits 2 | References 2

OpenVAS
added 2022/04/19 12:00 a.m. (32 views)

VMware Spring Framework < 5.2.21, 5.3.x < 5.3.19 Data Binding Rules Vulnerability

The VMware Spring Framework is prone to a data binding rules vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 5.3 | AI score 6 | EPSS 0.05413
Exploits 2 | References 2

OSV
added 2022/04/15 12:00 a.m. (2 views)

GHSA-G5MM-VMX4-3RG7 Improper handling of case sensitivity in Spring Framework

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive, which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...

CVSS 7.5 | AI score 7.1 | EPSS 0.05413
Exploits 2 | References 7

Github Security Blog
added 2022/04/15 12:00 a.m. (210 views)

Improper handling of case sensitivity in Spring Framework

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive, which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...

CVSS 5.3 | AI score 2.9 | EPSS 0.05413
Exploits 2 | References 7 | Affected Software 1

OpenVAS
added 2022/04/15 12:00 a.m. (7 views)

SUSE: Security Advisory (SUSE-SU-2022:1217-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits 0 | References 4