Lucene search
K

113 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/06/01 7:22 a.m.33 views

Security Bulletin: HMC is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Summary HMC is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spring Boot executable jar, ...

9.8CVSS1.5AI score0.99677EPSS
Exploits102Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/01 12:13 a.m.51 views

Security Bulletin: IBM Security SOAR is affected but not classified as vulnerable to remote code execution in Spring Framework (CVE-2022-22965)

Summary IBM Security SOAR is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spring Boot...

9.8CVSS1.5AI score0.99677EPSS
Exploits102Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/30 8:57 a.m.32 views

Security Bulletin:IBM Common Licensing is affected but not classified as vulnerable by a remote code execution in Spring Framework (220575,CVE-2022-22965)

Summary IBM Common Licensing is affected but not classified as vulnerable to a remote code execution in Spring Framework 220575, CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a...

9.8CVSS1.6AI score0.99677EPSS
Exploits102Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/25 10:33 p.m.82 views

Security Bulletin: IBM Sterling Control Center is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Summary IBM Sterling Control Center is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spri...

9.8CVSS1.3AI score0.99677EPSS
Exploits102Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/14 1:14 a.m.4 views

ca.uhn.hapi.fhir:hapi-fhir-testpage-overlay (>=0.4 <=0.5), ch.ralscha:extdirectspring (=1.4.0) +75 more potentially affected by CVE-2014-1904 via org.springframework:spring-webmvc (>=4.0.0.RELEASE <=4.0.1.RELEASE)

org.springframework:spring-webmvc MAVEN version =4.0.0.RELEASE, =0.4, =0.1.1-alpha, =0.2-alpha, =1.0.0, =2.0.3.2.1, =2.1.3.10.1, =2.0.3.6, =2.0.3.6, =2.1.2.7.1, =2.0.3.1, =2.1.4.19 and more Source cves: CVE-2014-1904 Source advisory: OSV:GHSA-FF7P-JQJM-V66H...

4.3CVSS7.2AI score0.03348EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/14 1:14 a.m.5 views

ar.com.jmfsg:api-doc (>=0.0.20 <=0.0.34), be.dnsbelgium:rdap-server (>=0.3.3 <=1.0.3) +1208 more potentially affected by CVE-2014-1904 via org.springframework:spring-webmvc (>=3.0.0.RELEASE <=3.2.7.RELEASE)

org.springframework:spring-webmvc MAVEN version =3.0.0.RELEASE, =0.0.20, =0.3.3, =0.1.0, =1.0.0, =0.2, =3.0.1, =1.0.0-RELEASE, =3.0.10, =3.0.10, =4.2.1, =4.2.1, =4.2.1, =4.2.15 and more Source cves: CVE-2014-1904 Source advisory: OSV:GHSA-FF7P-JQJM-V66H...

4.3CVSS7.2AI score0.03348EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/13 1:2 a.m.6 views

ar.com.jmfsg:api-doc (>=0.0.20 <=0.0.27), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.1) +800 more potentially affected by CVE-2014-3625 via org.springframework:spring-webmvc (>=3.0.4.RELEASE <=3.2.11.RELEASE)

org.springframework:spring-webmvc MAVEN version =3.0.4.RELEASE, =0.0.20, =0.1.0, =1.0.2, =0.2, =3.0.1, =1.0.0-RELEASE, =3.0.10, =3.0.10, =4.2.1, =4.2.1, =4.2.1, =0.4.2, =0.4.2, =2.6.20, =2.6.24 and more Source cves: CVE-2014-3625 Source advisory: OSV:GHSA-HHM4-HWQ6-3C6W...

5CVSS7.1AI score0.1005EPSS
Exploits5
vulnersOsv
vulnersOsv
added 2022/05/13 1:2 a.m.4 views

br.com.anteros:Anteros-JSONDoc-Maven-Plugin (=1.0.0), br.com.anteros:Anteros-JSONDoc-SpringMVC (=1.0.0) +49 more potentially affected by CVE-2014-3625 via org.springframework:spring-webmvc (>=4.1.0.RELEASE <=4.1.1.RELEASE)

org.springframework:spring-webmvc MAVEN version =4.1.0.RELEASE, =0.7, =0.14.0, =0.14.0, =0.0.1-RELEASE, =1.3, =1.2, =1.31, =1.4, =1.0.1, =2.0.0, =0.1.0, =0.2.1 and more Source cves: CVE-2014-3625 Source advisory: OSV:GHSA-HHM4-HWQ6-3C6W...

5CVSS7.1AI score0.1005EPSS
Exploits5
vulnersOsv
vulnersOsv
added 2022/05/13 1:2 a.m.4 views

at.molindo.social:spring-social-config (=1.1.0.RELEASE), at.molindo.social:spring-social-security (=1.1.0.RELEASE) +232 more potentially affected by CVE-2014-0225 via org.springframework:spring-webmvc (>=4.0.0.RELEASE <=4.0.4.RELEASE)

org.springframework:spring-webmvc MAVEN version =4.0.0.RELEASE, =0.4, =1.4.0, =0.0.2, =0.10.1, =0.10.1, =0.13.3 - com.daikit:daikit4gxt =0.1 - com.ebay:lightning-client =0.9.0 - com.ebay:lightning-core =0.9.0 and more Source cves: CVE-2014-0225 Source advisory: OSV:GHSA-F93F-G33R-8PCP...

8.8CVSS7.2AI score0.01696EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/13 1:2 a.m.4 views

ar.com.jmfsg:api-doc (>=0.0.20 <=0.0.34), be.dnsbelgium:rdap-server (>=0.3.3 <=1.0.3) +1208 more potentially affected by CVE-2014-0225 via org.springframework:spring-webmvc (>=3.0.0.RELEASE <=3.2.7.RELEASE)

org.springframework:spring-webmvc MAVEN version =3.0.0.RELEASE, =0.0.20, =0.3.3, =0.1.0, =1.0.0, =0.2, =3.0.1, =1.0.0-RELEASE, =3.0.10, =3.0.10, =4.2.1, =4.2.1, =4.2.1, =4.2.15 and more Source cves: CVE-2014-0225 Source advisory: OSV:GHSA-F93F-G33R-8PCP...

8.8CVSS7.2AI score0.01696EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/13 1:2 a.m.7 views

RPD:bmc-rpd (=1.1), aendter.jenkins.plugins:filesystem-list-parameter-plugin (>=0.0.1 <=0.0.6) +2797 more potentially affected by CVE-2014-0054 via org.springframework:spring-webmvc (>=1.2.1 <=3.2.7.RELEASE)

org.springframework:spring-webmvc MAVEN version =1.2.1, =0.0.1, =1.0, =0.0.20, =0.3.3, =1.0, =0.0.1, =0.1.0, =1.0.0, =0.2, =3.0.1, =4.0.0 and more Source cves: CVE-2014-0054 Source advisory: OSV:GHSA-8CMM-QJ8G-FCP6...

6.8CVSS7.2AI score0.91354EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2022/04/14 5:9 p.m.94 views

Low: Red Hat Security Advisory: Red Hat Process Automation Manager 7.12.1 security update

An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...

9.8CVSS7AI score0.99677EPSS
Exploits102References4
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/11 3:15 p.m.60 views

Security Bulletin: IBM Maximo For Civil infrastructure is vulnerable to a remote code execution in Spring Framework (CVE-2022-22965)

Summary IBM Maximo For Civil infrastructure is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast t...

9.8CVSS2.6AI score0.99677EPSS
Exploits102Affected Software1
GithubExploit
GithubExploit
added 2022/04/04 8:16 p.m.370 views

Exploit for Code Injection in Vmware Spring_Framework

Spring4shell RCE vulnerability This vulnerability affects Spr...

9.8CVSS9.1AI score0.99677EPSS
Exploits102
vulnersOsv
vulnersOsv
added 2022/03/31 6:30 p.m.12 views

africa.absa:inception-api (>=1.1.0 <=1.2.0), africa.absa:inception-codes-api (>=1.1.0 <=1.2.0) +3609 more potentially affected by CVE-2022-22965 via org.springframework:spring-webmvc (>=5.3.0 <=5.3.17)

org.springframework:spring-webmvc MAVEN version =5.3.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =4.4.0.2, =1.1.0, =1.13.0, =2.2.0 and more Source cves: CVE-2022-22965 Source advisory: OSV:GHSA-36P3-WJMG-H94X...

9.8CVSS7.1AI score0.99677EPSS
Exploits102
vulnersOsv
vulnersOsv
added 2022/03/31 6:30 p.m.8 views

RPD:bmc-rpd (=1.1), aendter.jenkins.plugins:filesystem-list-parameter-plugin (>=0.0.1 <=0.0.6) +15197 more potentially affected by CVE-2022-22965 via org.springframework:spring-webmvc (>=1.2.1 <=5.2.1.RELEASE)

org.springframework:spring-webmvc MAVEN version =1.2.1, =0.0.1, =4.4.0.0, =0.1.6, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.1.1, =j8.2.3.0, =j8.2.3.0, =Finchley.SR2.SR1, =Finchley.SR4, =Greenwich.SR2.1 and more Source cves: CVE-2022-22965 Source advisory: OSV:GHSA-36P3-WJMG-H94X...

9.8CVSS7.2AI score0.99677EPSS
Exploits102
Github Security Blog
Github Security Blog
added 2022/03/31 6:30 p.m.1635 views

Remote Code Execution in Spring Framework

Spring Framework prior to versions 5.2.20 and 5.3.18 contains a remote code execution vulnerability known as Spring4Shell. Impact A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution RCE via data binding. The specific exploit requires the...

9.8CVSS1.8AI score0.99677EPSS
Exploits102References18Affected Software5
GithubExploit
GithubExploit
added 2022/03/31 4:14 p.m.332 views

Exploit for Code Injection in Vmware Spring_Framework

CVE-2022-22965 aka "Spring4Shell" Vulnerabilidad RCE en Spri...

9.8CVSS9AI score0.99939EPSS
Exploits138
Qualys Blog
Qualys Blog
added 2022/03/31 9:0 a.m.494 views

Spring Framework Zero-Day Remote Code Execution (Spring4Shell) Vulnerability

This page last updated: April 7th A new zero-day Remote Code Execution RCE vulnerability, “Spring4Shell” or “SpringShell” was disclosed in the Spring framework. An unauthorized attacker can exploit this vulnerability to remotely execute arbitrary code on the target device. What is Spring Framewor...

7.5CVSS0.2AI score0.99939EPSS
Exploits133
CNVD
CNVD
added 2020/10/09 12:0 a.m.1 views

Spring-webmvc command execution vulnerability in hessian-based remote service calls

spring-webmvc is a java development framework. A command execution vulnerability exists in spring-webmvc's hessian-based remote service invocation, which can be exploited by an attacker to gain control of the server...

7.5AI score
Exploits0
Rows per page
Query Builder