1885 matches found
Demo: A Guide to Virtual Machine App Security
Enhance your virtual machine VM application security from vulnerabilities in your Spring Framework Java application by reviewing these guidelines...
Demo: A Guide to Virtual Machine App Security
Enhance your virtual machine VM application security from vulnerabilities in your Spring Framework Java application by reviewing these guidelines...
UReport 代码注入漏洞
UReport is a high-performance pure Java reporting engine based on the Spring architecture. The vulnerability stems from a lack of access control to the designer page. An attacker can exploit this vulnerability to execute arbitrary code...
Security Bulletin: IBM Security Guardium is affected by a Spring Framework vulnerability
Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID: CVE-2020-5421 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by improper input validation. By using a specially-crafted jsessionid path...
Security Bulletin: A Privilege Escalation vulnerability in Pivotal Spring Framework affects IBM LKS Administration & Reporting Tool and its Agent
Summary A Privilege Escalation related vulnerability has been found in Pivotal Spring Framework used by IBM LKS Administration & Reporting Tool ART and its Agent. A fix has been published. Vulnerability Details CVEID: CVE-2021-22118 DESCRIPTION: VMware Tanzu Spring Framework could allow a local...
springframework: RFD protection bypass via jsessionid
In Spring Framework, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter...
The vulnerability of the Spring Framework software, caused by privilege management errors, allows a hacker to read and rewrite any files they desire.
The vulnerability of the Spring Framework software is caused by privilege management errors. Exploiting this vulnerability allows an attacker to read and rewrite any files at will...
CVE-2021-22118
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by recreating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...
CVE-2021-29500
bubble fireworks is an open source java package relating to Spring Framework. In bubble fireworks before version 2021.BUILD-SNAPSHOT there is a vulnerability in which the package did not properly verify the signature of JSON Web Tokens. This allows to forgery of valid JWTs...
CVE-2021-29500
bubble fireworks is an open source java package relating to Spring Framework. In bubble fireworks before version 2021.BUILD-SNAPSHOT there is a vulnerability in which the package did not properly verify the signature of JSON Web Tokens. This allows to forgery of valid JWTs...
Design/Logic Flaw
bubble fireworks is an open source java package relating to Spring Framework. In bubble fireworks before version 2021.BUILD-SNAPSHOT there is a vulnerability in which the package did not properly verify the signature of JSON Web Tokens. This allows to forgery of valid JWTs...
CVE-2021-29500
The CVE-2021-29500 issue affects the bubble-fireworks project (fxbin/bubble-fireworks) in BUILD-SNAPSHOT builds. The root cause is improper verification of JSON Web Token signatures in the library’s JWT handling, which enables forgery of valid JWTs. Affected component: bubble-fireworks-core/JWT v...
CVE-2021-29500 Missing validation of JWT signature
bubble fireworks is an open source java package relating to Spring Framework. In bubble fireworks before version 2021.BUILD-SNAPSHOT there is a vulnerability in which the package did not properly verify the signature of JSON Web Tokens. This allows to forgery of valid JWTs...
Improper Verification of Cryptographic Signature
bubble fireworks is an open source java package relating to Spring Framework. In bubble fireworks BUILD-SNAPSHOT there is a vulnerability in which the package did not properly verify the signature of JSON Web Tokens. This allows to forgery of valid JWTs...
Vmware Spring Framework Elevation of Privilege Vulnerability
Vmware Spring Framework is the United States, Vmware Vmware company's set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications . An elevation of privilege vulnerability exists in Vmware Spring Framework, which can be exploited by an...
CVE-2021-22118
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by recreating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...
CVE-2021-22118
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by recreating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...
CVE-2021-22118
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by recreating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...
Privilege escalation
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by recreating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...
UBUNTU-CVE-2021-22118
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by recreating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...