Vulnerabilities > Vmware > Spring Framework > 4.3.2

DATE CVE VULNERABILITY TITLE RISK
2018-03-16 CVE-2018-1199 Improper Input Validation vulnerability in multiple products
Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints.
network
low complexity
vmware redhat oracle CWE-20
5.3
5.3
2016-12-29 CVE-2016-9878 Path Traversal vulnerability in multiple products
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5.
network
low complexity
vmware pivotal-software CWE-22
5.0
5.0