Vulnerabilities > Pivotal Software > Spring Advanced Message Queuing Protocol > 1.5.3

DATE CVE VULNERABILITY TITLE RISK
2018-09-14 CVE-2018-11087 Improper Certificate Validation vulnerability in multiple products
Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation.
network
high complexity
pivotal-software vmware CWE-295
5.9
2017-11-27 CVE-2017-8045 Deserialization of Untrusted Data vulnerability in Pivotal Software Spring Advanced Message Queuing Protocol
In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string.
network
low complexity
pivotal-software CWE-502
critical
9.8