Vulnerabilities > Vmware > Spring Security > 3.1.0

DATE CVE VULNERABILITY TITLE RISK
2022-05-19 CVE-2022-22978 Incorrect Authorization vulnerability in multiple products
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers.
network
low complexity
vmware oracle netapp CWE-863
critical
9.8
2017-05-25 CVE-2014-3527 Improper Authentication vulnerability in VMWare Spring Security
When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated.
network
low complexity
vmware CWE-287
critical
9.8
2017-05-25 CVE-2014-0097 Improper Authentication vulnerability in VMWare Spring Security
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length.
network
low complexity
vmware CWE-287
7.3