Vulnerabilities > Bladex > Springblade

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK | SCORE |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2024-08-21 | CVE-2024-8023 | Unspecified vulnerability in Bladex Springblade | A vulnerability classified as critical has been found in chillzhuang SpringBlade 4.1.0. | network | low complexity | bladex | | critical | 9.8 |
| 2024-01-02 | CVE-2023-47458 | Missing Authorization vulnerability in Bladex Springblade 3.2.0/3.6.0/3.7.0 | An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework. | network | low complexity | bladex | CWE-862 | critical | 9.8 |
| 2023-09-19 | CVE-2023-40788 | Exposure of Resource to Wrong Sphere vulnerability in Bladex Springblade 3.2.0/3.6.0 | SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs. | network | low complexity | bladex | CWE-668 | | 5.3 |
| 2023-08-29 | CVE-2023-40787 | SQL Injection vulnerability in Bladex Springblade 3.6.0 | In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection. | network | low complexity | bladex | CWE-89 | critical | 9.8 |
| 2022-05-05 | CVE-2022-27360 | SQL Injection vulnerability in Bladex Springblade 3.2.0 | SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment. | network | low complexity | bladex | CWE-89 | critical | 9.8 |
| 2020-07-30 | CVE-2020-16165 | SQL Injection vulnerability in Bladex Springblade | The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. | network | low complexity | bladex | CWE-89 | critical | 9.8 |