Vulnerabilities > Vmware > Spring Security > 4.1.4

DATE CVE VULNERABILITY TITLE RISK
2022-05-19 CVE-2022-22978 Incorrect Authorization vulnerability in multiple products
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers.
network
low complexity
vmware oracle netapp CWE-863
critical
9.8
2018-03-16 CVE-2018-1199 Improper Input Validation vulnerability in multiple products
Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints.
network
low complexity
vmware redhat oracle CWE-20
5.3