113 matches found
Security Bulletin: HMC is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
Summary HMC is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spring Boot executable jar, ...
Security Bulletin: IBM Security SOAR is affected but not classified as vulnerable to remote code execution in Spring Framework (CVE-2022-22965)
Summary IBM Security SOAR is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spring Boot...
Security Bulletin:IBM Common Licensing is affected but not classified as vulnerable by a remote code execution in Spring Framework (220575,CVE-2022-22965)
Summary IBM Common Licensing is affected but not classified as vulnerable to a remote code execution in Spring Framework 220575, CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a...
Security Bulletin: IBM Sterling Control Center is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
Summary IBM Sterling Control Center is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spri...
ca.uhn.hapi.fhir:hapi-fhir-testpage-overlay (>=0.4 <=0.5), ch.ralscha:extdirectspring (=1.4.0) +75 more potentially affected by CVE-2014-1904 via org.springframework:spring-webmvc (>=4.0.0.RELEASE <=4.0.1.RELEASE)
org.springframework:spring-webmvc MAVEN version =4.0.0.RELEASE, =0.4, =0.1.1-alpha, =0.2-alpha, =1.0.0, =2.0.3.2.1, =2.1.3.10.1, =2.0.3.6, =2.0.3.6, =2.1.2.7.1, =2.0.3.1, =2.1.4.19 and more Source cves: CVE-2014-1904 Source advisory: OSV:GHSA-FF7P-JQJM-V66H...
ar.com.jmfsg:api-doc (>=0.0.20 <=0.0.34), be.dnsbelgium:rdap-server (>=0.3.3 <=1.0.3) +1208 more potentially affected by CVE-2014-1904 via org.springframework:spring-webmvc (>=3.0.0.RELEASE <=3.2.7.RELEASE)
org.springframework:spring-webmvc MAVEN version =3.0.0.RELEASE, =0.0.20, =0.3.3, =0.1.0, =1.0.0, =0.2, =3.0.1, =1.0.0-RELEASE, =3.0.10, =3.0.10, =4.2.1, =4.2.1, =4.2.1, =4.2.15 and more Source cves: CVE-2014-1904 Source advisory: OSV:GHSA-FF7P-JQJM-V66H...
ar.com.jmfsg:api-doc (>=0.0.20 <=0.0.27), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.1) +800 more potentially affected by CVE-2014-3625 via org.springframework:spring-webmvc (>=3.0.4.RELEASE <=3.2.11.RELEASE)
org.springframework:spring-webmvc MAVEN version =3.0.4.RELEASE, =0.0.20, =0.1.0, =1.0.2, =0.2, =3.0.1, =1.0.0-RELEASE, =3.0.10, =3.0.10, =4.2.1, =4.2.1, =4.2.1, =0.4.2, =0.4.2, =2.6.20, =2.6.24 and more Source cves: CVE-2014-3625 Source advisory: OSV:GHSA-HHM4-HWQ6-3C6W...
br.com.anteros:Anteros-JSONDoc-Maven-Plugin (=1.0.0), br.com.anteros:Anteros-JSONDoc-SpringMVC (=1.0.0) +49 more potentially affected by CVE-2014-3625 via org.springframework:spring-webmvc (>=4.1.0.RELEASE <=4.1.1.RELEASE)
org.springframework:spring-webmvc MAVEN version =4.1.0.RELEASE, =0.7, =0.14.0, =0.14.0, =0.0.1-RELEASE, =1.3, =1.2, =1.31, =1.4, =1.0.1, =2.0.0, =0.1.0, =0.2.1 and more Source cves: CVE-2014-3625 Source advisory: OSV:GHSA-HHM4-HWQ6-3C6W...
at.molindo.social:spring-social-config (=1.1.0.RELEASE), at.molindo.social:spring-social-security (=1.1.0.RELEASE) +232 more potentially affected by CVE-2014-0225 via org.springframework:spring-webmvc (>=4.0.0.RELEASE <=4.0.4.RELEASE)
org.springframework:spring-webmvc MAVEN version =4.0.0.RELEASE, =0.4, =1.4.0, =0.0.2, =0.10.1, =0.10.1, =0.13.3 - com.daikit:daikit4gxt =0.1 - com.ebay:lightning-client =0.9.0 - com.ebay:lightning-core =0.9.0 and more Source cves: CVE-2014-0225 Source advisory: OSV:GHSA-F93F-G33R-8PCP...
ar.com.jmfsg:api-doc (>=0.0.20 <=0.0.34), be.dnsbelgium:rdap-server (>=0.3.3 <=1.0.3) +1208 more potentially affected by CVE-2014-0225 via org.springframework:spring-webmvc (>=3.0.0.RELEASE <=3.2.7.RELEASE)
org.springframework:spring-webmvc MAVEN version =3.0.0.RELEASE, =0.0.20, =0.3.3, =0.1.0, =1.0.0, =0.2, =3.0.1, =1.0.0-RELEASE, =3.0.10, =3.0.10, =4.2.1, =4.2.1, =4.2.1, =4.2.15 and more Source cves: CVE-2014-0225 Source advisory: OSV:GHSA-F93F-G33R-8PCP...
RPD:bmc-rpd (=1.1), aendter.jenkins.plugins:filesystem-list-parameter-plugin (>=0.0.1 <=0.0.6) +2797 more potentially affected by CVE-2014-0054 via org.springframework:spring-webmvc (>=1.2.1 <=3.2.7.RELEASE)
org.springframework:spring-webmvc MAVEN version =1.2.1, =0.0.1, =1.0, =0.0.20, =0.3.3, =1.0, =0.0.1, =0.1.0, =1.0.0, =0.2, =3.0.1, =4.0.0 and more Source cves: CVE-2014-0054 Source advisory: OSV:GHSA-8CMM-QJ8G-FCP6...
Low: Red Hat Security Advisory: Red Hat Process Automation Manager 7.12.1 security update
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...
Security Bulletin: IBM Maximo For Civil infrastructure is vulnerable to a remote code execution in Spring Framework (CVE-2022-22965)
Summary IBM Maximo For Civil infrastructure is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast t...
Exploit for Code Injection in Vmware Spring_Framework
Spring4shell RCE vulnerability This vulnerability affects Spr...
africa.absa:inception-api (>=1.1.0 <=1.2.0), africa.absa:inception-codes-api (>=1.1.0 <=1.2.0) +3609 more potentially affected by CVE-2022-22965 via org.springframework:spring-webmvc (>=5.3.0 <=5.3.17)
org.springframework:spring-webmvc MAVEN version =5.3.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =4.4.0.2, =1.1.0, =1.13.0, =2.2.0 and more Source cves: CVE-2022-22965 Source advisory: OSV:GHSA-36P3-WJMG-H94X...
RPD:bmc-rpd (=1.1), aendter.jenkins.plugins:filesystem-list-parameter-plugin (>=0.0.1 <=0.0.6) +15197 more potentially affected by CVE-2022-22965 via org.springframework:spring-webmvc (>=1.2.1 <=5.2.1.RELEASE)
org.springframework:spring-webmvc MAVEN version =1.2.1, =0.0.1, =4.4.0.0, =0.1.6, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.1.1, =j8.2.3.0, =j8.2.3.0, =Finchley.SR2.SR1, =Finchley.SR4, =Greenwich.SR2.1 and more Source cves: CVE-2022-22965 Source advisory: OSV:GHSA-36P3-WJMG-H94X...
Remote Code Execution in Spring Framework
Spring Framework prior to versions 5.2.20 and 5.3.18 contains a remote code execution vulnerability known as Spring4Shell. Impact A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution RCE via data binding. The specific exploit requires the...
Exploit for Code Injection in Vmware Spring_Framework
CVE-2022-22965 aka "Spring4Shell" Vulnerabilidad RCE en Spri...
Spring Framework Zero-Day Remote Code Execution (Spring4Shell) Vulnerability
This page last updated: April 7th A new zero-day Remote Code Execution RCE vulnerability, “Spring4Shell” or “SpringShell” was disclosed in the Spring framework. An unauthorized attacker can exploit this vulnerability to remotely execute arbitrary code on the target device. What is Spring Framewor...
Spring-webmvc command execution vulnerability in hessian-based remote service calls
spring-webmvc is a java development framework. A command execution vulnerability exists in spring-webmvc's hessian-based remote service invocation, which can be exploited by an attacker to gain control of the server...