2018-05-11 22:29:00 2020-07-15 05:15:00

Spring Framework version 5.0.5, when used in combination with any version of Spring Security, contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.

Vector: NETWORK
Complexity: LOW
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Oracle Weblogic server 12.1.3.0 * * * (not an official CPE)
Oracle Weblogic server 10.3.6.0 * * * (not an official CPE)
Oracle Tape library acsls 8.4 * * * (not an official CPE)
Oracle Service architecture leveraging tuxedo 12.2.2.0.0 * * * (not an official CPE)
Oracle Service architecture leveraging tuxedo 12.1.3.0.0 * * * (not an official CPE)
Oracle Retail returns management 14.1 * * * (not an official CPE)
Oracle Retail customer insights 16.0 * * * (not an official CPE)
Oracle Retail financial integration 13.2 * * * (not an official CPE)
Oracle Endeca information discovery integrator 3.2.0 * * * (not an official CPE)
Oracle Enterprise manager for mysql database 13.2 * * * (not an official CPE)
Oracle Enterprise manager ops center 12.2.2 * * * (not an official CPE)
Oracle Enterprise manager ops center 12.3.3 * * * (not an official CPE)
Oracle Retail returns management 14.0 * * * (not an official CPE)
Oracle Retail point-of-service 14.1 * * * (not an official CPE)
Oracle Retail point-of-service 14.0 * * * (not an official CPE)
Oracle Retail integration bus 14.1.2 * * * (not an official CPE)
Oracle Retail financial integration 16.0 * * * (not an official CPE)
Oracle Retail financial integration 15.0 * * * (not an official CPE)
Oracle Retail financial integration 14.1 * * * (not an official CPE)
Oracle Retail financial integration 14.0 * * * (not an official CPE)
Oracle Retail customer insights 15.0 * * * (not an official CPE)
Oracle Retail central office 14.1 * * * (not an official CPE)
Oracle Retail central office 14.0 * * * (not an official CPE)
Oracle Retail back office 14.0 * * * (not an official CPE)
Oracle Retail back office 14.1 * * * (not an official CPE)
Oracle Retail assortment planning 16.0 * * * (not an official CPE)
Oracle Retail assortment planning 15.0 * * * (not an official CPE)
Oracle Retail assortment planning 14.1 * * * (not an official CPE)
Oracle Peoplesoft enterprise fin install 9.2 * * * (not an official CPE)
Oracle Insurance rules palette 11.1 * * * (not an official CPE)
Oracle Micros lucas 2.9.5 * * * (not an official CPE)
Oracle Mysql enterprise monitor * * * * (not an official CPE)
Oracle Insurance rules palette 10.2 * * * (not an official CPE)
Oracle Insurance rules palette 11.0 * * * (not an official CPE)
Oracle Insurance rules palette 10.1 * * * (not an official CPE)
Oracle Insurance rules palette 10.0 * * * (not an official CPE)
Oracle Insurance policy administration 11.0 * * * (not an official CPE)
Oracle Insurance policy administration 10.2 * * * (not an official CPE)
Oracle Insurance policy administration 10.1 * * * (not an official CPE)
Oracle Insurance policy administration 10.0 * * * (not an official CPE)
Oracle Insurance calculation engine 10.2.1 * * * (not an official CPE)
Oracle Hospitality guest access 4.2.0 * * * (not an official CPE)
Oracle Hospitality guest access 4.2.1 * * * (not an official CPE)
Oracle Insurance calculation engine 10.1.1 * * * (not an official CPE)
Oracle Insurance calculation engine 10.2 * * * (not an official CPE)
Oracle Healthcare master person index 4.0 * * * (not an official CPE)
Oracle Goldengate for big data 12.2.0.1 * * * (not an official CPE)
Oracle Goldengate for big data 12.3.1.1 * * * (not an official CPE)
Oracle Goldengate for big data 12.3.2.1 * * * (not an official CPE)
Oracle Healthcare master person index 3.0 * * * (not an official CPE)
Netapp Storage automation store - * * * (not an official CPE)
Netapp Snapcenter - * * * (not an official CPE)
Netapp Oncommand unified manager * * * * (not an official CPE)
Netapp Oncommand workflow automation - * * * (not an official CPE)
Oracle Weblogic server 12.2.1.2 * * * (not an official CPE)
Oracle Weblogic server 12.2.1.3 * * * (not an official CPE)
Netapp Oncommand insight - * * * (not an official CPE)
Netapp Oncommand unified manager * * * * (not an official CPE)
Oracle Health sciences information manager 3.0 * * * (not an official CPE)
Oracle Enterprise repository 11.1.1.7.0 * * * (not an official CPE)
Oracle Enterprise repository 12.1.3.0.0 * * * (not an official CPE)
Oracle Communications services gatekeeper * * * * (not an official CPE)
Oracle Endeca information discovery integrator 3.1.0 * * * (not an official CPE)
Oracle Communications performance intelligence center * * * * (not an official CPE)
Oracle Communications diameter signaling router * * * * (not an official CPE)
Oracle Big data discovery 1.6.0 * * * (not an official CPE)
Oracle Communications converged application server * * * * (not an official CPE)
Oracle Application testing suite 12.5.0.3 * * * (not an official CPE)
Oracle Application testing suite 13.1.0.1 * * * (not an official CPE)
Oracle Application testing suite 13.2.0.1 * * * (not an official CPE)
Oracle Application testing suite 13.3.0.1 * * * (not an official CPE)
Oracle Application testing suite 10.1 * * * (not an official CPE)
Oracle Agile plm 9.3.6 * * * (not an official CPE)
Oracle Agile plm 9.3.5 * * * (not an official CPE)
Oracle Agile plm 9.3.4 * * * (not an official CPE)
Pivotal software Spring security * * * * (not an official CPE)
Oracle Agile plm 9.3.3 * * * (not an official CPE)
Pivotal software Spring framework 5.0.5 * * * (not an official CPE)