1889 matches found
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data is affected by a remote code execution in Spring Framework (CVE-2022-22965)
Summary IBM Watson Discovery for IBM Cloud Pak for Data is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR i...
spring-framework: RCE via Data Binding on JDK 9+
A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, transitively affected from Spring Beans, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters and possibly gain...
spring-framework: RCE via Data Binding on JDK 9+
A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, transitively affected from Spring Beans, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters and possibly gain...
SUSE: Security Advisory (SUSE-SU-2022:1304-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Exploit for Code Injection in Vmware Spring_Framework
:spaceinvader: CVE-2022-22965 This is a proof of concept of a...
SUSE-SU-2022:1304-1 Security update for tomcat
This update for tomcat fixes the following issues: Security hardening, related to Spring Framework vulnerabilities: - Deprecate getResources and always return null bsc1198136...
Security Bulletin: Vulnerability exists for Spring Framework in Watson Explorer (CVE-2021-22060, CVE-2022-22965, CVE-2022-22950)
Summary Security vulnerability in Spring Framework affects IBM Watson Explorer. IBM Watson Explorer has addressed this vulnerability. Vulnerability Details CVEID: CVE-2021-22060 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote authenticated attacker to bypass security restrictions,...
SUSE: Security Advisory (SUSE-SU-2022:1293-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2022:1292-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2022:1294-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2022:1294-1 Security update for tomcat
This update for tomcat fixes the following issues: - Remove the log4j dependency as it is not used by the tomcat package bsc1196137 Security hardening, related to Spring Framework vulnerabilities: - Deprecate getResources and always return null bsc1198136...
SUSE-SU-2022:1293-1 Security update for tomcat
This update for tomcat fixes the following issues: Security hardening, related to Spring Framework vulnerabilities: - Deprecate getResources and always return null bsc1198136...
SUSE-SU-2022:1292-1 Security update for tomcat
This update for tomcat fixes the following issues: Security hardening, related to Spring Framework vulnerabilities: - Deprecate getResources and always return null bsc1198136...
Oracle MySQL Enterprise Monitor (Apr 2022 CPU)
The version of MySQL Enterprise Monitor installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2022 CPU advisory. - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL component: Monitoring: General Apache Log4j. Supported versions that...
This Week in Spring - April 19th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! Its been quite the week since we last talked! I flew to Atlanta, GA, for my first in-person show since the pandemic - Devnexus 2022. I loved the experience! Hopefully, the only souvenirs Ill have are the amazing memories and...
VMware Spring Boot < 2.5.13, 2.6.x < 2.6.7 Data Binding Rules Vulnerability
VMware Spring Boot is prone to a data binding rules vulnerability in the used Spring Framework. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
VMware Spring Framework < 5.2.21, 5.3.x < 5.3.19 Data Binding Rules Vulnerability
The VMware Spring Framework is prone to a data binding rules vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
GHSA-G5MM-VMX4-3RG7 Improper handling of case sensitivity in Spring Framework
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...
Improper handling of case sensitivity in Spring Framework
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...
SUSE: Security Advisory (SUSE-SU-2022:1217-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...