Vulnerabilities > Vmware > Spring Security > 5.6.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-19 | CVE-2023-34034 | Unspecified vulnerability in VMWare Spring Security Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. | 9.8 |
2022-10-31 | CVE-2022-31690 | Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. | 8.1 |
2022-10-31 | CVE-2022-31692 | Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. | 9.8 |
2022-05-19 | CVE-2022-22976 | Integer Overflow or Wraparound vulnerability in multiple products Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. | 5.3 |
2022-05-19 | CVE-2022-22978 | Incorrect Authorization vulnerability in multiple products In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. | 9.8 |