CVSS: 9.8EPSS: 7%CPEs: 22EXPL: 1CVE-2017-4914 – VMware vSphere Data Protection 5.x/6.x - Java Deserialization
https://notcve.org/view.php?id=CVE-2017-4914
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance. VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, y 5.5.x contiene un problema de deserialización que permitiría a un atacante remoto ejecutar comandos en el aparato. • https://www.exploit-db.com/exploits/42152 http://www.securityfocus.com/bid/98939 http://www.securitytracker.com/id/1038617 http://www.vmware.com/security/advisories/VMSA-2017-0010.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-4897
https://notcve.org/view.php?id=CVE-2017-4897
VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation of this vulnerability requires a victim to download a specially crafted RDP file through DaaS client by clicking on a malicious link. Horizon DaaS anterior a versión 7.0.0 de VMware, contiene una vulnerabilidad que se presenta debido a la comprobación insuficiente de datos. Un atacante puede explotar este problema mediante el engaño a los usuarios del cliente DaaS para que se conecten a un servidor malicioso y compartan todas sus unidades y dispositivos. • http://www.securityfocus.com/bid/96559 http://www.securitytracker.com/id/1037951 http://www.vmware.com/security/advisories/VMSA-2017-0002.html • CWE-20: Improper Input Validation •
CVSS: 9.6EPSS: 0%CPEs: 36EXPL: 1CVE-2015-5211
https://notcve.org/view.php?id=CVE-2015-5211
Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response. En algunas situaciones, el Framework Spring versiones 4.2.0 hasta 4.2.1, versiones 4.0.0 hasta 4.1.7, versiones 3.2.0 hasta 3.2.14 y versiones anteriores no compatibles, son vulnerables a un ataque de tipo Reflected File Download (RFD). El ataque involucra a un usuario malicioso que diseña una URL con una extensión de script por lotes lo que resulta en la respuesta siendo descargada en lugar de renderizada y también incluye alguna entrada reflejada en la respuesta. • https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html https://pivotal.io/security/cve-2015-5211 https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2014-3527
https://notcve.org/view.php?id=CVE-2014-3527
When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the HttpServletRequest which is populated based upon untrusted information within the HTTP request. This means if there are access control restrictions on which CAS services can authenticate to one another, those restrictions can be bypassed. If users are not using CAS Proxy tickets and not basing access control decisions based upon the CAS Service, then there is no impact to users. Cuando se utiliza la autenticación de tickets de Proxy CAS de Spring Security, versiones de la 3.1 a la 3.2.4, un servicio CAS malicioso permitiría engañar a otro servicio CAS para autenticar un ticket proxy que no estaba asociado. • https://pivotal.io/security/cve-2014-3527 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 66EXPL: 0CVE-2016-5007
https://notcve.org/view.php?id=CVE-2016-5007
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences. Tanto en Spring Security versiones 3.2.x, 4.0.x, 4.1.0 como el Framework Spring versiones 3.2.x, 4.0.x, 4.1.x, 4.2.x, se basan en el mapeo de patrones de URL para la autorización y para mapear las peticiones hacia los controladores, respectivamente. Las diferencias en el rigor de los mecanismos de coincidencia de patrones, por ejemplo con respecto al recorte de espacio en los segmentos de ruta (path), pueden hacer que Spring Security no reconozca ciertas rutas (paths) como no protegidas que de hecho se asignan a los controladores MVC de Spring que deben protegerse. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/91687 https://pivotal.io/security/cve-2016-5007 https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html • CWE-264: Permissions, Privileges, and Access Controls •