1857 matches found
Vulnerabilities fixed in IBM SPSS
Several vulnerabilities have been fixed in Spring Framework version 5.3.20 as part of IBM SPSS Collaboration and Deployment Services. The vulnerabilities can be exploited by a malicious be exploited to execute arbitrary code and/or to cause a denial-of-service DoS exploit. These vulnerabilities...
Security Bulletin: Multiple vulnerabilities in Spring Framework affect SPSS Collaboration and Deployment Services
Summary There are multiple vulnerabilities in Spring Framework used by SPSS Collaboration and Deployment Services. SPSS Collaboration and Deployment Services is affected but not classified as vulnerable to these issues. The fix includes Spring 5.3.20. Vulnerability Details CVEID: CVE-2022-22950...
Security Bulletin:IBM Common Licensing is affected but not classified as vulnerable by a remote code execution in Spring Framework (220575,CVE-2022-22965)
Summary IBM Common Licensing is affected but not classified as vulnerable to a remote code execution in Spring Framework 220575, CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a...
KeySight N6841A RF Sensor Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of KeySight N6841A RF Sensor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of Spring Framework. The issue results from the lack of prop...
Security Bulletin: IBM Sterling Control Center is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
Summary IBM Sterling Control Center is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spri...
GHSA-RFMP-97JJ-H8M6 Improper Output Neutralization for Logs in Spring Framework
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries...
Improper Output Neutralization for Logs in Spring Framework
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries...
Improper Privilege Management in Spring Framework
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by recreating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...
GHSA-GFWJ-FWQJ-FP3V Improper Privilege Management in Spring Framework
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by recreating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...
Security Bulletin: IBM Sterling Connect:Direct for UNIX is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
Summary IBM Sterling Connect:Direct for UNIX is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast ...
GHSA-4WRC-F8PQ-FPQP Pivotal Spring Framework contains unsafe Java deserialization methods
Pivotal Spring Framework before 6.0.0 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. Maintainers recommend...
Pivotal Spring Framework contains unsafe Java deserialization methods
Pivotal Spring Framework before 6.0.0 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. Maintainers recommend...
Exploit for Code Injection in Vmware Spring_Framework
CVE-2022-22965-spring4shell CVE-2022-22965 Spring4Shell resear...
Security Bulletin: IBM Robotic Process Automation with Automation Anywhere is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
Summary IBM Robotic Process Automation with Automation Anywhere is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged ...
CVE-2022-22971
A flaw was found in Spring Framework Applications. Applications that use STOMP over the WebSocket endpoint are vulnerable to a denial of service attack caused by an authenticated user...
CVE-2022-22970
A flaw was found in Spring Framework. Applications that handle file uploads are vulnerable to a denial of service DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object...
This Week in Spring - May 17th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! I am in beautiful Barcelona, Spain, this week, ahead of the upcoming Spring I/O show. I just spent a wonderful week in amazing England, meeting old friends, speaking at Devoxx UK, etc. A Bootiful Podcast: EasyMock contributor...
Security Bulletin: IBM Planning Analytics Workspace is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
Summary IBM Planning Analytics Workspace is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a...
CVE-2022-22976
A flaw was found in Spring Framework. The encoder does not perform any salt rounds when using the BCrypt class with the maximum work factor 31 due to an integer overflow error...
Sysrv-K Botnet Targets Windows, Linux
Unpatched vulnerabilities in the Spring Framework and WordPress plugins are being exploited by cybercriminals behind the Sysrv botnet to target Linux and Windows systems. The goal, according to researchers, is to infect systems with cryptomining malware. The botnet variant is being called Sysrv-K...