Vulnerabilities > Bladex > Springblade > 3.2.0

DATE CVE VULNERABILITY TITLE RISK
2024-01-02 CVE-2023-47458 Missing Authorization vulnerability in Bladex Springblade 3.2.0/3.6.0/3.7.0
An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework.
network
low complexity
bladex CWE-862
critical
 9.8
9.8
2023-09-19 CVE-2023-40788 Exposure of Resource to Wrong Sphere vulnerability in Bladex Springblade 3.2.0/3.6.0
SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs
network
low complexity
bladex CWE-668
5.3
5.3
2022-05-05 CVE-2022-27360 SQL Injection vulnerability in Bladex Springblade 3.2.0
SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment.
network
low complexity
bladex CWE-89
7.5
7.5