Vulnerabilities > Vmware > Spring Cloud Config

DATE CVE VULNERABILITY TITLE RISK
2023-03-23 CVE-2023-20859 Information Exposure Through Log Files vulnerability in VMWare products
In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.
local
low complexity
vmware CWE-532
5.5
2020-06-02 CVE-2020-5410 Path Traversal vulnerability in VMWare Spring Cloud Config
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module.
network
low complexity
vmware CWE-22
7.5
2020-03-05 CVE-2020-5405 Path Traversal vulnerability in VMWare Spring Cloud Config
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module.
network
low complexity
vmware CWE-22
6.5
2019-05-06 CVE-2019-3799 Path Traversal vulnerability in multiple products
Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module.
network
low complexity
vmware oracle CWE-22
6.5