Lucene search
K
BladexSpringblade

9 matches found

CVE
CVE
added 2024/04/30 12:0 a.m.86 views

CVE-2024-33332

The CVE-2024-33332 entry affects SpringBlade 3.7.1, where a crafted GET request to the endpoint api/blade-system/tenant can disclose sensitive information. The connected sources consistently describe an information disclosure in SpringBlade 3.7.1 without broader exploitation details. Impact is de...

7.5CVSS6.2AI score0.0068EPSS
CVE
CVE
added 2024/08/20 11:31 p.m.81 views

CVE-2024-8023

CVE-2024-8023 describes a critical SQL injection in chillzhuang SpringBlade 4.1.0. The vulnerability affects an unknown function of the endpoint /api/blade-system/menu/list?updatexml, with remote exploitation possible. Public exploitation is noted, and vendor contact occurred without response. Co...

9.8CVSS6.8AI score0.00637EPSS
Web
CVE
CVE
added 2022/05/05 6:19 p.m.65 views

CVE-2022-27360

CVE-2022-27360 affects SpringBlade v3.2.0 and earlier. The vulnerability is a SQL injection in the component customSqlSegment , arising from improper handling of input in SpringBlade’s SQL construction. The initial source documents describe the issue across multiple feeds (NVD, Red Hat, OSV, CVE ...

9.8CVSS9.8AI score0.0204EPSS
CVE
CVE
added 2023/08/29 12:0 a.m.60 views

CVE-2023-40787

CVE-2023-40787 affects SpringBlade v3.6.0, where user-submitted SQL parameters are not wrapped in quotes during query execution, enabling SQL injection. Red Hat and multiple feeds corroborate the flaw in SpringBlade’s SQL handling, describing it as a lack of proper parameter quoting that could al...

9.8CVSS9.7AI score0.19377EPSS
CVE
CVE
added 2024/01/02 12:0 a.m.59 views

CVE-2023-47458

CVE-2023-47458 concerns SpringBlade versions 3.7.0 and earlier. The issue is described as a lack of a permissions control framework, which enables a remote attacker to escalate privileges (high impact). The CVSS vector from NVD indicates a critical score (9.8), with network attack vector, no user...

9.8CVSS9.5AI score0.00784EPSS
CVE
CVE
added 2020/07/30 7:1 p.m.53 views

CVE-2020-16165

CVE-2020-16165 affects SpringBlade up to 2.7.1. The DAO/DTO implementation allows SQL injection in an ORDER BY clause via the ascs/desc parameters of /api/blade-log/api/list. Impact is described as high, with potential for attackers to execute arbitrary SQL commands through the vulnerable sorting...

9.8CVSS9.7AI score0.01213EPSS
Web
CVE
CVE
added 2023/09/18 12:0 a.m.49 views

CVE-2023-40788

SpringBlade 3.6.0 to remediate.

5.3CVSS5.1AI score0.00623EPSS
CVE
CVE
added 2026/01/26 12:0 a.m.17 views

CVE-2025-70982

CVE-2025-70982 affects SpringBlade v4.5.0 and stems from incorrect access control in the importUser function , enabling attackers with low-level privileges to arbitrarily import sensitive user data. The CVE is rated CRITICAL (CVSS 3.1: 9.9) with vectors: AV=N/AC=L/PR=L/UI=N/S=C/C=H/I=H/A=H. Impac...

9.9CVSS5.9AI score0.00296EPSS
CVE
CVE
added 2026/01/23 12:0 a.m.15 views

CVE-2025-70983

CVE-2025-70983 affects SpringBlade v4.5.0. A flaw in the authRoutes function implements incorrect access control, enabling attackers with low privileges to escalate to high privileges. Sources from multiple trackers (Red Hat, NVD, CVE lists, PT-Group) corroborate the description. The publicly sta...

9.9CVSS5.4AI score0.00376EPSS