VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
>
Vmware
>
Spring Framework
> Critical
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2022-04-01
CVE-2022-22965
Code Injection vulnerability in multiple products
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
network
low complexity
vmware
cisco
oracle
siemens
veritas
CWE-94
critical
9.8
9.8
2020-01-02
CVE-2016-1000027
Deserialization of Untrusted Data vulnerability in VMWare Spring Framework
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data.
network
low complexity
vmware
CWE-502
critical
9.8
9.8
2018-04-11
CVE-2018-1275
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module.
network
low complexity
vmware
oracle
critical
9.8
9.8
2018-04-06
CVE-2018-1270
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module.
network
low complexity
vmware
oracle
redhat
debian
critical
9.8
9.8
2017-05-25
CVE-2015-5211
Files or Directories Accessible to External Parties vulnerability in multiple products
Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack.
network
low complexity
vmware
debian
CWE-552
critical
9.6
9.6