Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated

🗓️ 19 Feb 2024 00:00:00Reported by SpringType

Broken access control in Spring Security when isFullyAuthenticated is used directly; affects 6.1.x before 6.1.7 and 6.2.x before 6.2.2.

Reporter	Title	Published	Views	Family All 30
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 1.14.4 IF001	14 May 202420:42	–	ibm
IBM Security Bulletins	Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities	10 Apr 202409:27	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Network Automation 2.7.5 addresses multiple security vulnerabilities.	3 Feb 202523:04	–	ibm
BDU FSTEC	The vulnerability of the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method in the Java framework for securing industrial applications by Spring Security allows attackers to influence the integrity and confidentiality of protected information.	27 Feb 202400:00	–	bdu_fstec
Circl	CVE-2024-22234	20 Feb 202408:22	–	circl
CNNVD	VMware Spring Security 安全漏洞	20 Feb 202400:00	–	cnnvd
CNVD	Access Control Error Vulnerability in Spring Security	21 Feb 202400:00	–	cnvd
CVE	CVE-2024-22234	20 Feb 202407:02	–	cve
Cvelist	CVE-2024-22234 CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated	20 Feb 202407:02	–	cvelist
EUVD	EUVD-2024-0745	3 Oct 202520:07	–	euvd

19 Feb 2024 00:00Current

7.1High risk

Vulners AI Score7.1

CVSS 3.17.4

EPSS0.00682

SSVC