Vulnerabilities > Vmware > Spring Security > 5.0.10

DATE CVE VULNERABILITY TITLE RISK
2022-05-19 CVE-2022-22978 Incorrect Authorization vulnerability in multiple products
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers.
network
low complexity
vmware oracle netapp CWE-863
critical
 9.8
9.8
2020-05-14 CVE-2020-5408 Use of Insufficiently Random Values vulnerability in multiple products
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor.
network
low complexity
pivotal-software vmware CWE-330
6.5
6.5
2019-04-09 CVE-2019-3795 Use of Insufficiently Random Values vulnerability in multiple products
Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance.
network
low complexity
vmware debian CWE-330
5.3
5.3