CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22114
https://notcve.org/view.php?id=CVE-2021-22114
01 Mar 2021 — Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder. Aborda la corrección parcial en el CVE-2018-1263. Spring-integration-zip, versione... • https://tanzu.vmware.com/security/cve-2021-22114 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 1%CPEs: 11EXPL: 0CVE-2021-22112
https://notcve.org/view.php?id=CVE-2021-22112
23 Feb 2021 — Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application. ... • http://www.openwall.com/lists/oss-security/2021/02/19/7 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22113
https://notcve.org/view.php?id=CVE-2021-22113
23 Feb 2021 — Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall (enabled by default for all URLs) are not affected by the vulnerability, as they reject requests that allow bypassing. Unas aplicaciones que usan la funcionalidad de "Sensitive Headers" en Spring Cloud Netflix Zuul vers... • https://tanzu.vmware.com/security/cve-2021-22113 • CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5428 – Possibility of SQL Injection in Spring Cloud Task Execution Sorting Query
https://notcve.org/view.php?id=CVE-2020-5428
27 Jan 2021 — In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer. En aplicaciones que utilizan Spring Cloud Task versiones 2.2.4.RELEASE y por debajo, puede ser vulnerable a una inyección SQL cuando se realizan determinadas consultas de búsqueda en TaskExplorer • https://tanzu.vmware.com/security/cve-2020-5428 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 1%CPEs: 2EXPL: 0CVE-2020-5427 – Possibility of SQL Injection in Spring Cloud Data Flow Task Execution Sorting Query
https://notcve.org/view.php?id=CVE-2020-5427
27 Jan 2021 — In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution. En Spring Cloud Data Flow, versiones 2.6.x anteriores a 2.6.5, versiones 2.5.x anteriores a 2.5.4, una aplicación es vulnerable a una inyección SQL cuando es requerida una ejecución de tareas • https://tanzu.vmware.com/security/cve-2020-5427 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.7EPSS: 57%CPEs: 77EXPL: 1CVE-2020-5421 – RFD Protection Bypass via jsessionid
https://notcve.org/view.php?id=CVE-2020-5421
19 Sep 2020 — In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. En Spring Framework versiones 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28 y versiones anteriores no compatibles, las protecciones contra ataques RFD del CVE-2015 -5211 puede ser omitidas según el navegador usado mediante ... • https://github.com/pandaMingx/CVE-2020-5421 •
CVSS: 6.5EPSS: 90%CPEs: 2EXPL: 0CVE-2020-5412 – Hystrix Dashboard Proxy In spring-cloud-netflix-hystrix-dashboard
https://notcve.org/view.php?id=CVE-2020-5412
07 Aug 2020 — Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly. Spring Cloud Netflix, versiones 2.2.x anteriores a 2.2.4, versiones 2.1.x anteriores a 2.1.6 y versiones anteriores no compatibles, permiten a la... • https://tanzu.vmware.com/security/cve-2020-5412 • CWE-441: Unintended Proxy or Intermediary ('Confused Deputy') CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 9.8EPSS: 1%CPEs: 20EXPL: 0CVE-2020-5413 – Kryo Configuration Allows Code Execution with Unknown "Serialization Gadgets"
https://notcve.org/view.php?id=CVE-2020-5413
31 Jul 2020 — Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious code for execution during deserialization. In order to protect against this type of attack, Kryo can be configured to require a set of trusted classes for (de)serialization. Spring Integration should be proactive aga... • https://tanzu.vmware.com/security/cve-2020-5413 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 94%CPEs: 2EXPL: 3CVE-2020-5410 – VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2020-5410
02 Jun 2020 — Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config, las versiones 2.2.x anteriores a 2.2.3, versiones 2.1.x anteriores a 2.1.9, y las versiones más antiguas no compatibles, permiten a las aplicacio... • https://packetstorm.news/files/id/181125 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-5408 – Dictionary attack with Spring Security queryable text encryptor
https://notcve.org/view.php?id=CVE-2020-5408
14 May 2020 — Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack. Spring Security versiones 5.3.x anteriores a 5.3.2, versiones 5.2.x anteriores a 5.2.4, versiones 5.1.x... • https://tanzu.vmware.com/security/cve-2020-5408 • CWE-329: Generation of Predictable IV with CBC Mode CWE-330: Use of Insufficiently Random Values •