CVE-2021-22118

CVE-2021-22118 affects the Spring Framework WebFlux component. The vulnerability exists in Spring Framework versions: 5.2.x prior to 5.2.15 and 5.3.x prior to 5.3.7. An authenticated local attacker can exploit a flaw tied to (re)creating the temporary storage directory to read or modify files upl...

CVE-2021-22118

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by recreating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...

PT-2021-3400 · Unknown · Spring Framework

Name of the Vulnerable Software and Affected Versions: Spring Framework versions 5.2.x prior to 5.2.15 Spring Framework versions 5.3.x prior to 5.3.7 Description: The issue is caused by privilege management errors in the Spring Framework platform. Exploitation of this issue may allow an attacker ...

Vmware Spring Framework 权限许可和访问控制问题漏洞

Vmware Spring Framework is the United States, Vmware Vmware company's set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications . An elevation of privilege vulnerability exists in Vmware Spring Framework, which can be exploited by an...

Security Bulletin: Security Bypass Vulnerability in Spring Framework Affects IBM Control Center (CVE-2020-5421)

Summary Spring Framework vunerability could allow a remote attacker to bypass security restrictions, caused by improper input validation. Vulnerability Details CVEID: CVE-2020-5421 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by...

com.github.mswolfe:spring-query-filter (>=4.2.0 <=4.3.2), io.github.cyjishuang:swagger-mode (=1.0) potentially affected by CVE-2020-5421 via org.springframework:spring-framework-bom (>=4.2.3.RELEASE <=4.3.14.RELEASE)

org.springframework:spring-framework-bom MAVEN version =4.2.3.RELEASE, =4.2.0, =4.3.2 - io.github.cyjishuang:swagger-mode =1.0 Source cves: CVE-2020-5421 Source advisory: OSV:GHSA-RV39-3QH7-9V7W...

Improper Input Validation in Spring Framework

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter...

GHSA-RV39-3QH7-9V7W Improper Input Validation in Spring Framework

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter...

USN-4774-1: Spring Framework vulnerabilities

Toshiaki Maki discovered that Spring Framework incorrectly handled certain XML files. A remote attacker could exploit this with a crafted XML file to cause a denial of service. CVE-2015-3192 Alvaro Muñoz discovered that Spring Framework incorrectly handled certain URLs. A remote attacker could...

The vulnerability of the OAuth component of the Java framework for securing Spring-based industrial applications allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the OAuth component in the Java framework for securing Spring-based industrial applications relates to the redirection of URLs to an unreliable website. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Spring

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Spring. Vulnerability Details CVEID: CVE-2020-5421 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by improper input validation. By using a...

The vulnerability of the Spring Framework software platform, related to insecure management of privileges, allows attackers to compromise the confidentiality and integrity of protected information.

The vulnerability of the Spring Framework software platform is related to insecure management of privileges. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the protected information...

The vulnerability of web services in the Spring Framework software platform allows attackers to compromise the confidentiality, integrity, and accessibility of information.

The vulnerability of web services in the Spring Framework is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of information...

The vulnerability of the OAuth component in the Java framework for securing Spring-based industrial applications allows attackers to escalate their privileges and gain unauthorized access to protected information.

The vulnerability of the OAuth component in the Java framework for securing Spring-based industrial applications relates to the redirection of URLs to insecure websites. Exploiting this vulnerability allows an attacker to enhance their privileges and gain unauthorized access to protected...

UBUNTU-CVE-2020-17523

Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass...

Exploit for Deserialization of Untrusted Data in Vmware Spring_Framework

PoC for CVE-2016-1000027 This is a demo Spring Boolt applicat...

Oracle MySQL Enterprise Monitor Multiple Vulnerabilities (Jan 2021 CPU)

MySQL Enterprise Monitor installed on the remote host is 8.0.x prior to 8.0.23. Therefore, it's affected by multiple vulnerabilities as referenced in the January 2021 CPU advisory. - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL component: Service Manager Apache Commons...

Security Bulletin: Spring Framework as used by IBM QRadar SIEM is vulnerable to improper input validation (CVE-2020-5421)

Summary Spring Framework as used by IBM QRadar SIEM is vulnerable to improper input validation Vulnerability Details CVEID: CVE-2020-5421 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by improper input validation. By using a...

Security Bulletin: Rational Test Control Panel affected by Spring Framework vulnerability

Summary Spring Framework is vulnerable to a security issue affecting Rational Test Control Panel Vulnerability Details CVEID: CVE-2020-5421 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by improper input validation. By using a...

Exploit for CVE-2020-5421

PoC exploit for CVE-2020-5421, an arbitrary file upload vulnerab...