Vulnerabilities > Vmware > Spring Security > 3.2.10

DATE CVE VULNERABILITY TITLE RISK
2022-05-19 CVE-2022-22978 Incorrect Authorization vulnerability in multiple products
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers.
network
low complexity
vmware oracle netapp CWE-863
critical
 9.8
9.8
2017-05-25 CVE-2016-5007 Permissions, Privileges, and Access Controls vulnerability in multiple products
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively.
network
low complexity
pivotal-software vmware CWE-264
7.5
7.5