Lucene search
Spring Security Security Vulnerabilities - 2020
cve
Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an ar...
8.8CVSS
8.4AI Score
0.012EPSS
2020-05-13 05:15 PM
61
cve
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has b...
6.5CVSS
7.5AI Score
0.001EPSS
2020-05-14 06:15 PM
86