Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-1258 (GCVE-0-2018-1258)
Vulnerability from cvelistv5 – Published: 2018-05-11 20:00 – Updated: 2024-09-17 02:56
VLAI?
EPSS
Summary
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
Severity ?
No CVSS data available.
CWE
- Authorization Bypass
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pivotal | Spring Framework |
Affected:
5.0.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:49.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104222",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104222"
},
{
"name": "1041888",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041888"
},
{
"name": "1041896",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041896"
},
{
"name": "RHSA-2019:2413",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2413"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2018-1258"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spring Framework",
"vendor": "Pivotal",
"versions": [
{
"status": "affected",
"version": "5.0.5"
}
]
}
],
"datePublic": "2018-05-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authorization Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T10:38:01.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "104222",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104222"
},
{
"name": "1041888",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041888"
},
{
"name": "1041896",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041896"
},
{
"name": "RHSA-2019:2413",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2413"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2018-1258"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2018-05-09T00:00:00",
"ID": "CVE-2018-1258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Framework",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "5.0.5"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authorization Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104222",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104222"
},
{
"name": "1041888",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041888"
},
{
"name": "1041896",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041896"
},
{
"name": "RHSA-2019:2413",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2413"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181018-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
},
{
"name": "https://pivotal.io/security/cve-2018-1258",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-1258"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-1258",
"datePublished": "2018-05-11T20:00:00.000Z",
"dateReserved": "2017-12-06T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:56:37.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CNVD-2018-09637
Vulnerability from cnvd - Published: 2018-05-17
VLAI Severity ?
Title
Pivotal Spring Security和Spring Framework权限提升漏洞
Description
Pivotal Spring Security和Spring Framework都是美国Pivotal Software公司的产品。Pivotal Spring Security是一套为基于Spring的应用程序提供说明性安全保护的安全框架。Spring Framework是一套开源的Java、Java EE应用程序框架。
Pivotal Spring Security和Spring Framework 5.0.6之前版本中存在安全漏洞。当两个产品同时使用时,攻击者可利用该漏洞获取被限制方法的访问权限。
Severity
高
Patch Name
Pivotal Spring Security和Spring Framework权限提升漏洞的补丁
Patch Description
Pivotal Spring Security和Spring Framework都是美国Pivotal Software公司的产品。Pivotal Spring Security是一套为基于Spring的应用程序提供说明性安全保护的安全框架。Spring Framework是一套开源的Java、Java EE应用程序框架。
Pivotal Spring Security和Spring Framework 5.0.6之前版本中存在安全漏洞。当两个产品同时使用时,攻击者可利用该漏洞获取被限制方法的访问权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://pivotal.io/security/cve-2018-1258
Reference
https://pivotal.io/security/cve-2018-1258
Impacted products
| Name | ['Pivotal Software Spring Security <5.0.6', 'Pivotal Software Spring Framework <5.0.6'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-1258"
}
},
"description": "Pivotal Spring Security\u548cSpring Framework\u90fd\u662f\u7f8e\u56fdPivotal Software\u516c\u53f8\u7684\u4ea7\u54c1\u3002Pivotal Spring Security\u662f\u4e00\u5957\u4e3a\u57fa\u4e8eSpring\u7684\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u8bf4\u660e\u6027\u5b89\u5168\u4fdd\u62a4\u7684\u5b89\u5168\u6846\u67b6\u3002Spring Framework\u662f\u4e00\u5957\u5f00\u6e90\u7684Java\u3001Java EE\u5e94\u7528\u7a0b\u5e8f\u6846\u67b6\u3002\r\n\r\nPivotal Spring Security\u548cSpring Framework 5.0.6\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u5f53\u4e24\u4e2a\u4ea7\u54c1\u540c\u65f6\u4f7f\u7528\u65f6\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u88ab\u9650\u5236\u65b9\u6cd5\u7684\u8bbf\u95ee\u6743\u9650\u3002",
"discovererName": "the Snyk Security Research Team",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://pivotal.io/security/cve-2018-1258",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-09637",
"openTime": "2018-05-17",
"patchDescription": "Pivotal Spring Security\u548cSpring Framework\u90fd\u662f\u7f8e\u56fdPivotal Software\u516c\u53f8\u7684\u4ea7\u54c1\u3002Pivotal Spring Security\u662f\u4e00\u5957\u4e3a\u57fa\u4e8eSpring\u7684\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u8bf4\u660e\u6027\u5b89\u5168\u4fdd\u62a4\u7684\u5b89\u5168\u6846\u67b6\u3002Spring Framework\u662f\u4e00\u5957\u5f00\u6e90\u7684Java\u3001Java EE\u5e94\u7528\u7a0b\u5e8f\u6846\u67b6\u3002\r\n\r\nPivotal Spring Security\u548cSpring Framework 5.0.6\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u5f53\u4e24\u4e2a\u4ea7\u54c1\u540c\u65f6\u4f7f\u7528\u65f6\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u88ab\u9650\u5236\u65b9\u6cd5\u7684\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Pivotal Spring Security\u548cSpring Framework\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Pivotal Software Spring Security \u003c5.0.6",
"Pivotal Software Spring Framework \u003c5.0.6"
]
},
"referenceLink": "https://pivotal.io/security/cve-2018-1258",
"serverity": "\u9ad8",
"submitTime": "2018-05-15",
"title": "Pivotal Spring Security\u548cSpring Framework\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}
GSD-2018-1258
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-1258",
"description": "Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.",
"id": "GSD-2018-1258",
"references": [
"https://www.suse.com/security/cve/CVE-2018-1258.html",
"https://access.redhat.com/errata/RHSA-2019:2413"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-1258"
],
"details": "Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.",
"id": "GSD-2018-1258",
"modified": "2023-12-13T01:22:37.008415Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2018-05-09T00:00:00",
"ID": "CVE-2018-1258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Framework",
"version": {
"version_data": [
{
"affected": "=",
"version_value": "5.0.5"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authorization Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104222",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104222"
},
{
"name": "1041888",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041888"
},
{
"name": "1041896",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041896"
},
{
"name": "RHSA-2019:2413",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2413"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181018-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
},
{
"name": "https://pivotal.io/security/cve-2018-1258",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-1258"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[5.0.5.RELEASE,5.0.6.RELEASE)",
"affected_versions": "All versions starting from 5.0.5.RELEASE before 5.0.6.RELEASE",
"cvss_v2": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-863",
"CWE-937"
],
"date": "2019-10-03",
"description": "Spring Framework when used in combination with Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.",
"fixed_versions": [
"5.0.6.RELEASE"
],
"identifier": "CVE-2018-1258",
"identifiers": [
"CVE-2018-1258"
],
"not_impacted": "All versions before 5.0.5.RELEASE, all versions starting from 5.0.6.RELEASE.",
"package_slug": "maven/org.springframework.security/spring-security-core",
"pubdate": "2018-05-11",
"solution": "Unfortunately, there is no solution available yet.",
"title": "Incorrect Authorization",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-1258",
"http://www.securityfocus.com/bid/104222",
"http://www.securitytracker.com/id/1041888",
"http://www.securitytracker.com/id/1041896",
"https://pivotal.io/security/cve-2018-1258"
],
"uuid": "6a726d62-28d9-4c4a-b87c-18f213dd85a5"
},
{
"affected_range": "[5.0.5.RELEASE]",
"affected_versions": "Version 5.0.5",
"cvss_v2": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-863",
"CWE-937"
],
"date": "2019-10-03",
"description": "Spring contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.",
"fixed_versions": [
"5.0.6.RELEASE"
],
"identifier": "CVE-2018-1258",
"identifiers": [
"CVE-2018-1258"
],
"not_impacted": "All versions before 5.0.5.RELEASE, all versions after 5.0.5.RELEASE",
"package_slug": "maven/org.springframework/spring-core",
"pubdate": "2018-05-11",
"solution": "Upgrade to version 5.0.6.RELEASE or above.",
"title": "Incorrect Authorization",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-1258",
"http://www.securityfocus.com/bid/104222",
"http://www.securitytracker.com/id/1041888",
"http://www.securitytracker.com/id/1041896",
"https://pivotal.io/security/cve-2018-1258"
],
"uuid": "8fb80b15-0127-4e89-9364-5ebb349eb0b5"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:pivotal_software:spring_security:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:spring_framework:5.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.0.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.3.6",
"versionStartIncluding": "7.3.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.2.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.1.0.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:micros_lucas:2.9.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.2.8191",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_fin_install:9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
"cpe_name": [],
"versionStartIncluding": "9.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionStartIncluding": "7.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:fuse:7.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"ID": "CVE-2018-1258"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2018-1258",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2018-1258"
},
{
"name": "104222",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104222"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "1041896",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041896"
},
{
"name": "1041888",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041888"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181018-0002/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "RHSA-2019:2413",
"refsource": "REDHAT",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2413"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-04-11T17:18Z",
"publishedDate": "2018-05-11T20:29Z"
}
}
}
GHSA-CXRJ-66C5-9FMH
Vulnerability from github – Published: 2018-10-17 20:05 – Updated: 2024-03-14 21:08
VLAI?
Summary
Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass
Details
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
Severity ?
8.8 (High)
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework:spring-core"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.5.RELEASE"
},
{
"fixed": "5.0.6.RELEASE"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.0.5.RELEASE"
]
}
],
"aliases": [
"CVE-2018-1258"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:33:19Z",
"nvd_published_at": "2018-05-11T20:29:00Z",
"severity": "HIGH"
},
"details": "Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.",
"id": "GHSA-cxrj-66c5-9fmh",
"modified": "2024-03-14T21:08:21Z",
"published": "2018-10-17T20:05:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1258"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-framework/commit/7b8fa90d96aaf751a3256fa755d5f17e081c20f1"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200807033751/http://www.securitytracker.com/id/1041896"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200227032934/http://www.securityfocus.com/bid/104222"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20181018-0002"
},
{
"type": "WEB",
"url": "https://pivotal.io/security/cve-2018-1258"
},
{
"type": "PACKAGE",
"url": "https://github.com/spring-projects/spring-framework"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-cxrj-66c5-9fmh"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2413"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass"
}
CERTFR-2018-AVI-498
Vulnerability from certfr_avis - Published: 2018-10-17 - Updated: 2018-10-17
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Server versions 8.0.12 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 5.5.61 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 8.0.12 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 5.6.41 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 5.7.23 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 3.4.9.4237 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 8.0.2.8191 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 4.0.6.5281 et antérieures |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Server versions 8.0.12 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 5.5.61 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 8.0.12 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 5.6.41 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 5.7.23 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 3.4.9.4237 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 8.0.2.8191 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 4.0.6.5281 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-3187",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3187"
},
{
"name": "CVE-2018-3279",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3279"
},
{
"name": "CVE-2018-3283",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3283"
},
{
"name": "CVE-2018-3162",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3162"
},
{
"name": "CVE-2018-3174",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3174"
},
{
"name": "CVE-2018-3284",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3284"
},
{
"name": "CVE-2018-3282",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3282"
},
{
"name": "CVE-2018-3155",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3155"
},
{
"name": "CVE-2018-3170",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3170"
},
{
"name": "CVE-2018-3258",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3258"
},
{
"name": "CVE-2018-3144",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3144"
},
{
"name": "CVE-2018-3161",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3161"
},
{
"name": "CVE-2018-3251",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3251"
},
{
"name": "CVE-2018-3173",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3173"
},
{
"name": "CVE-2018-3186",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3186"
},
{
"name": "CVE-2016-9843",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9843"
},
{
"name": "CVE-2018-3137",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3137"
},
{
"name": "CVE-2018-3286",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3286"
},
{
"name": "CVE-2018-3247",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3247"
},
{
"name": "CVE-2018-3185",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3185"
},
{
"name": "CVE-2018-3133",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3133"
},
{
"name": "CVE-2018-3203",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3203"
},
{
"name": "CVE-2018-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3156"
},
{
"name": "CVE-2018-3182",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3182"
},
{
"name": "CVE-2018-3145",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3145"
},
{
"name": "CVE-2018-11776",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11776"
},
{
"name": "CVE-2018-8014",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8014"
},
{
"name": "CVE-2018-3278",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3278"
},
{
"name": "CVE-2018-3276",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3276"
},
{
"name": "CVE-2018-3285",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3285"
},
{
"name": "CVE-2018-3212",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3212"
},
{
"name": "CVE-2018-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3143"
},
{
"name": "CVE-2018-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3171"
},
{
"name": "CVE-2018-1258",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1258"
},
{
"name": "CVE-2018-3195",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3195"
},
{
"name": "CVE-2018-3277",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3277"
},
{
"name": "CVE-2018-3200",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3200"
},
{
"name": "CVE-2018-3280",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3280"
}
],
"initial_release_date": "2018-10-17T00:00:00",
"last_revision_date": "2018-10-17T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-498",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-10-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2018verbose du 16 octobre 2018",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018verbose-5170927.html#MSQL"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle du 16 octobre 2018",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
]
}
CVE-2018-1258
Vulnerability from fstec - Published: 09.05.2018
VLAI Severity ?
Title
Уязвимость компонента Spring Framework программных продуктов Oracle, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Description
Уязвимость компонента Spring Framework программных продуктов Oracle связана с неправильной авторизацией. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации
Severity ?
Vendor
Oracle Corp., Pivotal Software Inc., Red Hat Inc.
Software Name
Enterprise Manager Ops Center, Enterprise Repository, Insurance Policy Administration, PeopleSoft Enterprise FIN Install, Retail Back Office, Retail Central Office, Retail Returns Management, Retail Point-of-Service, MySQL Enterprise Monitor, Communications Diameter Signaling Router, Oracle Endeca Information Discovery Integrator, WebLogic Server, WebCenter Sites, Oracle Retail Order Broker, Enterprise Manager Base Platform, Spring Framework, Oracle Communications Unified Inventory Management, Oracle FLEXCUBE Private Banking, Oracle Utilities Network Management System, Communications Converged Application Server, Insurance Policy Administration J2EE, Financial Services Analytical Applications Infrastructure, Jboss Fuse, Oracle Hospitality Guest Access, Application Testing Suite, Primavera Gateway, Retail Xstore Point of Service, Oracle Retail Clearance Optimization Engine, Oracle Retail Markdown Optimization, Oracle Retail Customer Insights, Communications Online Mediation Controller, Primavera Analytics, Retail Integration Bus, Oracle Retail Predictive Application Server, Oracle Retail Assortment Planning, Oracle Big Data Discovery, Oracle Insurance Calculation Engine, Oracle Insurance Rules Palette, Oracle Retail Financial Integration, Oracle Retail Service Backbone, Oracle Healthcare Master Person Index, Oracle Agile PLM, Financial Services Behavior Detection Platform, MICROS Lucas, Enterprise Manager for MySQL Database, Oracle GoldenGate for Big Data, Tape Library ACSLS, Oracle Communications Services Gatekeeper, Retail Open Commerce Platform, Oracle Health Sciences Information Manager, Oracle Service Architecture Leveraging Tuxedo, Communications Performance Intelligence Center (PIC) Software, Enterprise Manager for Fusion Applications
Software Version
12.2.2 (Enterprise Manager Ops Center), 12.3.3 (Enterprise Manager Ops Center), 11.1.1.7.0 (Enterprise Repository), 12.1.3.0.0 (Enterprise Repository), 10.0 (Insurance Policy Administration), 10.1 (Insurance Policy Administration), 10.2 (Insurance Policy Administration), 11.0 (Insurance Policy Administration), 9.2 (PeopleSoft Enterprise FIN Install), 14.0 (Retail Back Office), 14.1 (Retail Back Office), 14.0 (Retail Central Office), 14.1 (Retail Central Office), 14.0 (Retail Returns Management), 14.1 (Retail Returns Management), 14.0 (Retail Point-of-Service), 14.1 (Retail Point-of-Service), до 3.4.9.4237 включительно (MySQL Enterprise Monitor), до 4.0.6.5281 включительно (MySQL Enterprise Monitor), до 8.0.2.8191 включительно (MySQL Enterprise Monitor), до 8.3 (Communications Diameter Signaling Router), 3.2.0 (Oracle Endeca Information Discovery Integrator), 3.1.0 (Oracle Endeca Information Discovery Integrator), 12.2.1.3.0 (WebLogic Server), 12.2.1.3.0 (WebCenter Sites), 5.1 (Oracle Retail Order Broker), 5.2 (Oracle Retail Order Broker), 15.0 (Oracle Retail Order Broker), 16.0 (Oracle Retail Order Broker), 13.2.0.0.0 (Enterprise Manager Base Platform), 13.3.0.0.0 (Enterprise Manager Base Platform), 5.0.5 (Spring Framework), 12.1.0.5.0 (Enterprise Manager Base Platform), 7.3.2 (Oracle Communications Unified Inventory Management), 7.3.4 (Oracle Communications Unified Inventory Management), 7.3.5 (Oracle Communications Unified Inventory Management), 7.4.0 (Oracle Communications Unified Inventory Management), 2.0.0.0 (Oracle FLEXCUBE Private Banking), 2.2.0.1 (Oracle FLEXCUBE Private Banking), 12.0.1.0 (Oracle FLEXCUBE Private Banking), 12.0.3.0 (Oracle FLEXCUBE Private Banking), 12.1.0.0 (Oracle FLEXCUBE Private Banking), 1.12.0.3 (Oracle Utilities Network Management System), до 7.0.0.1 (Communications Converged Application Server), 10.0 (Insurance Policy Administration J2EE), 10.2 (Insurance Policy Administration J2EE), 8.0.0.0.0 (Financial Services Analytical Applications Infrastructure), 7 (Jboss Fuse), 4.2.0 (Oracle Hospitality Guest Access), 4.2.1 (Oracle Hospitality Guest Access), 13.3.0.1 (Application Testing Suite), 15.2 (Primavera Gateway), 16.2 (Primavera Gateway), 17.12 (Primavera Gateway), 18.8 (Primavera Gateway), 17.0 (Retail Xstore Point of Service), от 8.0.2 до 8.0.8 включительно (Financial Services Analytical Applications Infrastructure), 12.5.0.3 (Application Testing Suite), 13.1.0.1 (Application Testing Suite), 13.2.0.1 (Application Testing Suite), 14.0.5 (Oracle Retail Clearance Optimization Engine), 13.4.4 (Oracle Retail Markdown Optimization), 15.0 (Oracle Retail Customer Insights), 16.0 (Oracle Retail Customer Insights), 6.1 (Communications Online Mediation Controller), 18.8 (Primavera Analytics), 15.0 (Retail Integration Bus), 16.0 (Retail Integration Bus), 6.0 (Communications Converged Application Server), 6.1 (Communications Converged Application Server), 16.0 (Oracle Retail Predictive Application Server), 14.0.3.26 (Oracle Retail Predictive Application Server), 14.1.3.37 (Oracle Retail Predictive Application Server), 15.0.3.100 (Oracle Retail Predictive Application Server), 15.0 (Oracle Retail Assortment Planning), 16.0 (Oracle Retail Assortment Planning), 1.6 (Oracle Big Data Discovery), 9.7 (Oracle Insurance Calculation Engine), 10.0 (Oracle Insurance Calculation Engine), 10.1 (Oracle Insurance Calculation Engine), 10.2 (Oracle Insurance Calculation Engine), 10.1 (Insurance Policy Administration J2EE), 11.0 (Insurance Policy Administration J2EE), 10.0 (Oracle Insurance Rules Palette), 10.1 (Oracle Insurance Rules Palette), 10.2 (Oracle Insurance Rules Palette), 11.0 (Oracle Insurance Rules Palette), от 4.0.0 до 4.0.9 включительно (MySQL Enterprise Monitor), от 8.0.0 до 8.0.14 включительно (MySQL Enterprise Monitor), 14.0 (Oracle Retail Financial Integration), 14.1 (Oracle Retail Financial Integration), 15.0 (Oracle Retail Financial Integration), 16.0 (Oracle Retail Financial Integration), 16.0.1 (Oracle Retail Service Backbone), 3.0 (Oracle Healthcare Master Person Index), 9.3.3 (Oracle Agile PLM), 9.3.5 (Oracle Agile PLM), 9.3.6 (Oracle Agile PLM), 8.0.0 (Financial Services Behavior Detection Platform), 2.9.5 (MICROS Lucas), 14.0.0 (Retail Integration Bus), 14.1.0 (Retail Integration Bus), 14.1.2 (Retail Integration Bus), 13.2 (Enterprise Manager for MySQL Database), 14.1 (Oracle Retail Assortment Planning), 13.2 (Oracle Retail Financial Integration), 9.3.4 (Oracle Agile PLM), 12.2.0.1 (Oracle GoldenGate for Big Data), 12.3.1.1 (Oracle GoldenGate for Big Data), 12.3.2.1 (Oracle GoldenGate for Big Data), 10.1.1 (Oracle Insurance Calculation Engine), 10.2.1 (Oracle Insurance Calculation Engine), 11.1 (Oracle Insurance Rules Palette), 14.0 (Oracle Retail Predictive Application Server), 14.1 (Oracle Retail Predictive Application Server), 15.0 (Oracle Retail Predictive Application Server), 8.4 (Tape Library ACSLS), до 6.1.0.4.0 (Oracle Communications Services Gatekeeper), 4.0 (Oracle Healthcare Master Person Index), 5.3.0 (Retail Open Commerce Platform), 6.0.0 (Retail Open Commerce Platform), 6.0.1 (Retail Open Commerce Platform), 3.0 (Oracle Health Sciences Information Manager), 12.1.3.0.0 (Oracle Service Architecture Leveraging Tuxedo), 12.2.2.0.0 (Oracle Service Architecture Leveraging Tuxedo), до 10.2.1 (Communications Performance Intelligence Center (PIC) Software), 13.3.0.0 (Enterprise Manager for Fusion Applications)
Possible Mitigations
Для программной платформы Spring Framework использование рекомендаций:
https://pivotal.io/security/cve-2018-1258
Для продуктов Oracle:
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Для Red Hat:
https://access.redhat.com/security/cve/CVE-2018-1258?extIdCarryOver=true&sc_cid=701f2000001OH7JAAW
Reference
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/104222
http://www.securitytracker.com/id/1041888
http://www.securitytracker.com/id/1041896
https://access.redhat.com/errata/RHSA-2019:2413
https://pivotal.io/security/cve-2018-1258
https://security.netapp.com/advisory/ntap-20181018-0002/
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
CWE
CWE-285, CWE-863
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Oracle Corp., Pivotal Software Inc., Red Hat Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "12.2.2 (Enterprise Manager Ops Center), 12.3.3 (Enterprise Manager Ops Center), 11.1.1.7.0 (Enterprise Repository), 12.1.3.0.0 (Enterprise Repository), 10.0 (Insurance Policy Administration), 10.1 (Insurance Policy Administration), 10.2 (Insurance Policy Administration), 11.0 (Insurance Policy Administration), 9.2 (PeopleSoft Enterprise FIN Install), 14.0 (Retail Back Office), 14.1 (Retail Back Office), 14.0 (Retail Central Office), 14.1 (Retail Central Office), 14.0 (Retail Returns Management), 14.1 (Retail Returns Management), 14.0 (Retail Point-of-Service), 14.1 (Retail Point-of-Service), \u0434\u043e 3.4.9.4237 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Enterprise Monitor), \u0434\u043e 4.0.6.5281 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Enterprise Monitor), \u0434\u043e 8.0.2.8191 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Enterprise Monitor), \u0434\u043e 8.3 (Communications Diameter Signaling Router), 3.2.0 (Oracle Endeca Information Discovery Integrator), 3.1.0 (Oracle Endeca Information Discovery Integrator), 12.2.1.3.0 (WebLogic Server), 12.2.1.3.0 (WebCenter Sites), 5.1 (Oracle Retail Order Broker), 5.2 (Oracle Retail Order Broker), 15.0 (Oracle Retail Order Broker), 16.0 (Oracle Retail Order Broker), 13.2.0.0.0 (Enterprise Manager Base Platform), 13.3.0.0.0 (Enterprise Manager Base Platform), 5.0.5 (Spring Framework), 12.1.0.5.0 (Enterprise Manager Base Platform), 7.3.2 (Oracle Communications Unified Inventory Management), 7.3.4 (Oracle Communications Unified Inventory Management), 7.3.5 (Oracle Communications Unified Inventory Management), 7.4.0 (Oracle Communications Unified Inventory Management), 2.0.0.0 (Oracle FLEXCUBE Private Banking), 2.2.0.1 (Oracle FLEXCUBE Private Banking), 12.0.1.0 (Oracle FLEXCUBE Private Banking), 12.0.3.0 (Oracle FLEXCUBE Private Banking), 12.1.0.0 (Oracle FLEXCUBE Private Banking), 1.12.0.3 (Oracle Utilities Network Management System), \u0434\u043e 7.0.0.1 (Communications Converged Application Server), 10.0 (Insurance Policy Administration J2EE), 10.2 (Insurance Policy Administration J2EE), 8.0.0.0.0 (Financial Services Analytical Applications Infrastructure), 7 (Jboss Fuse), 4.2.0 (Oracle Hospitality Guest Access), 4.2.1 (Oracle Hospitality Guest Access), 13.3.0.1 (Application Testing Suite), 15.2 (Primavera Gateway), 16.2 (Primavera Gateway), 17.12 (Primavera Gateway), 18.8 (Primavera Gateway), 17.0 (Retail Xstore Point of Service), \u043e\u0442 8.0.2 \u0434\u043e 8.0.8 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Financial Services Analytical Applications Infrastructure), 12.5.0.3 (Application Testing Suite), 13.1.0.1 (Application Testing Suite), 13.2.0.1 (Application Testing Suite), 14.0.5 (Oracle Retail Clearance Optimization Engine), 13.4.4 (Oracle Retail Markdown Optimization), 15.0 (Oracle Retail Customer Insights), 16.0 (Oracle Retail Customer Insights), 6.1 (Communications Online Mediation Controller), 18.8 (Primavera Analytics), 15.0 (Retail Integration Bus), 16.0 (Retail Integration Bus), 6.0 (Communications Converged Application Server), 6.1 (Communications Converged Application Server), 16.0 (Oracle Retail Predictive Application Server), 14.0.3.26 (Oracle Retail Predictive Application Server), 14.1.3.37 (Oracle Retail Predictive Application Server), 15.0.3.100 (Oracle Retail Predictive Application Server), 15.0 (Oracle Retail Assortment Planning), 16.0 (Oracle Retail Assortment Planning), 1.6 (Oracle Big Data Discovery), 9.7 (Oracle Insurance Calculation Engine), 10.0 (Oracle Insurance Calculation Engine), 10.1 (Oracle Insurance Calculation Engine), 10.2 (Oracle Insurance Calculation Engine), 10.1 (Insurance Policy Administration J2EE), 11.0 (Insurance Policy Administration J2EE), 10.0 (Oracle Insurance Rules Palette), 10.1 (Oracle Insurance Rules Palette), 10.2 (Oracle Insurance Rules Palette), 11.0 (Oracle Insurance Rules Palette), \u043e\u0442 4.0.0 \u0434\u043e 4.0.9 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Enterprise Monitor), \u043e\u0442 8.0.0 \u0434\u043e 8.0.14 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Enterprise Monitor), 14.0 (Oracle Retail Financial Integration), 14.1 (Oracle Retail Financial Integration), 15.0 (Oracle Retail Financial Integration), 16.0 (Oracle Retail Financial Integration), 16.0.1 (Oracle Retail Service Backbone), 3.0 (Oracle Healthcare Master Person Index), 9.3.3 (Oracle Agile PLM), 9.3.5 (Oracle Agile PLM), 9.3.6 (Oracle Agile PLM), 8.0.0 (Financial Services Behavior Detection Platform), 2.9.5 (MICROS Lucas), 14.0.0 (Retail Integration Bus), 14.1.0 (Retail Integration Bus), 14.1.2 (Retail Integration Bus), 13.2 (Enterprise Manager for MySQL Database), 14.1 (Oracle Retail Assortment Planning), 13.2 (Oracle Retail Financial Integration), 9.3.4 (Oracle Agile PLM), 12.2.0.1 (Oracle GoldenGate for Big Data), 12.3.1.1 (Oracle GoldenGate for Big Data), 12.3.2.1 (Oracle GoldenGate for Big Data), 10.1.1 (Oracle Insurance Calculation Engine), 10.2.1 (Oracle Insurance Calculation Engine), 11.1 (Oracle Insurance Rules Palette), 14.0 (Oracle Retail Predictive Application Server), 14.1 (Oracle Retail Predictive Application Server), 15.0 (Oracle Retail Predictive Application Server), 8.4 (Tape Library ACSLS), \u0434\u043e 6.1.0.4.0 (Oracle Communications Services Gatekeeper), 4.0 (Oracle Healthcare Master Person Index), 5.3.0 (Retail Open Commerce Platform), 6.0.0 (Retail Open Commerce Platform), 6.0.1 (Retail Open Commerce Platform), 3.0 (Oracle Health Sciences Information Manager), 12.1.3.0.0 (Oracle Service Architecture Leveraging Tuxedo), 12.2.2.0.0 (Oracle Service Architecture Leveraging Tuxedo), \u0434\u043e 10.2.1 (Communications Performance Intelligence Center (PIC) Software), 13.3.0.0 (Enterprise Manager for Fusion Applications)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Spring Framework \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\nhttps://pivotal.io/security/cve-2018-1258\n\n\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle:\n\nhttps://www.oracle.com/security-alerts/cpuapr2020.html\nhttps://www.oracle.com/security-alerts/cpujan2020.html\nhttps://www.oracle.com/security-alerts/cpujan2021.html\nhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\nhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\nhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\n\n\u0414\u043b\u044f Red Hat:\nhttps://access.redhat.com/security/cve/CVE-2018-1258?extIdCarryOver=true\u0026sc_cid=701f2000001OH7JAAW",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "09.05.2018",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "16.05.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-01760",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-1258",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Enterprise Manager Ops Center, Enterprise Repository, Insurance Policy Administration, PeopleSoft Enterprise FIN Install, Retail Back Office, Retail Central Office, Retail Returns Management, Retail Point-of-Service, MySQL Enterprise Monitor, Communications Diameter Signaling Router, Oracle Endeca Information Discovery Integrator, WebLogic Server, WebCenter Sites, Oracle Retail Order Broker, Enterprise Manager Base Platform, Spring Framework, Oracle Communications Unified Inventory Management, Oracle FLEXCUBE Private Banking, Oracle Utilities Network Management System, Communications Converged Application Server, Insurance Policy Administration J2EE, Financial Services Analytical Applications Infrastructure, Jboss Fuse, Oracle Hospitality Guest Access, Application Testing Suite, Primavera Gateway, Retail Xstore Point of Service, Oracle Retail Clearance Optimization Engine, Oracle Retail Markdown Optimization, Oracle Retail Customer Insights, Communications Online Mediation Controller, Primavera Analytics, Retail Integration Bus, Oracle Retail Predictive Application Server, Oracle Retail Assortment Planning, Oracle Big Data Discovery, Oracle Insurance Calculation Engine, Oracle Insurance Rules Palette, Oracle Retail Financial Integration, Oracle Retail Service Backbone, Oracle Healthcare Master Person Index, Oracle Agile PLM, Financial Services Behavior Detection Platform, MICROS Lucas, Enterprise Manager for MySQL Database, Oracle GoldenGate for Big Data, Tape Library ACSLS, Oracle Communications Services Gatekeeper, Retail Open Commerce Platform, Oracle Health Sciences Information Manager, Oracle Service Architecture Leveraging Tuxedo, Communications Performance Intelligence Center (PIC) Software, Enterprise Manager for Fusion Applications",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Spring Framework \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u044f (CWE-285), \u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u044f (CWE-863)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Spring Framework \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0435\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html \nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html \nhttp://www.securityfocus.com/bid/104222 \nhttp://www.securitytracker.com/id/1041888 \nhttp://www.securitytracker.com/id/1041896 \nhttps://access.redhat.com/errata/RHSA-2019:2413 \nhttps://pivotal.io/security/cve-2018-1258 \nhttps://security.netapp.com/advisory/ntap-20181018-0002/ \nhttps://www.oracle.com/security-alerts/cpuapr2020.html \nhttps://www.oracle.com/security-alerts/cpujan2020.html \nhttps://www.oracle.com/security-alerts/cpujan2021.html\nhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html \nhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html \nhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-285, CWE-863",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
FKIE_CVE-2018-1258
Vulnerability from fkie_nvd - Published: 2018-05-11 20:29 - Updated: 2024-11-21 03:59
Severity ?
Summary
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | Patch, Third Party Advisory | |
| security_alert@emc.com | http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | Patch, Third Party Advisory | |
| security_alert@emc.com | http://www.securityfocus.com/bid/104222 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | http://www.securitytracker.com/id/1041888 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | http://www.securitytracker.com/id/1041896 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | https://access.redhat.com/errata/RHSA-2019:2413 | Patch, Third Party Advisory | |
| security_alert@emc.com | https://pivotal.io/security/cve-2018-1258 | Vendor Advisory | |
| security_alert@emc.com | https://security.netapp.com/advisory/ntap-20181018-0002/ | Third Party Advisory | |
| security_alert@emc.com | https://www.oracle.com/security-alerts/cpuapr2020.html | Patch, Third Party Advisory | |
| security_alert@emc.com | https://www.oracle.com/security-alerts/cpujan2020.html | Patch, Third Party Advisory | |
| security_alert@emc.com | https://www.oracle.com/security-alerts/cpujan2021.html | Patch, Third Party Advisory | |
| security_alert@emc.com | https://www.oracle.com/security-alerts/cpujul2020.html | Patch, Third Party Advisory | |
| security_alert@emc.com | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Third Party Advisory | |
| security_alert@emc.com | https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | Patch, Third Party Advisory | |
| security_alert@emc.com | https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | Patch, Third Party Advisory | |
| security_alert@emc.com | https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104222 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041888 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041896 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2413 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2018-1258 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20181018-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2020.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2020.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2021.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2020.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pivotal_software | spring_security | * | |
| vmware | spring_framework | 5.0.5 | |
| oracle | agile_plm | 9.3.3 | |
| oracle | agile_plm | 9.3.4 | |
| oracle | agile_plm | 9.3.5 | |
| oracle | agile_plm | 9.3.6 | |
| oracle | application_testing_suite | 10.1 | |
| oracle | application_testing_suite | 12.5.0.3 | |
| oracle | application_testing_suite | 13.1.0.1 | |
| oracle | application_testing_suite | 13.2.0.1 | |
| oracle | application_testing_suite | 13.3.0.1 | |
| oracle | big_data_discovery | 1.6.0 | |
| oracle | communications_converged_application_server | * | |
| oracle | communications_diameter_signaling_router | * | |
| oracle | communications_network_integrity | * | |
| oracle | communications_performance_intelligence_center | * | |
| oracle | communications_services_gatekeeper | * | |
| oracle | endeca_information_discovery_integrator | 3.1.0 | |
| oracle | endeca_information_discovery_integrator | 3.2.0 | |
| oracle | enterprise_manager_for_mysql_database | 13.2 | |
| oracle | enterprise_manager_ops_center | 12.2.2 | |
| oracle | enterprise_manager_ops_center | 12.3.3 | |
| oracle | enterprise_repository | 11.1.1.7.0 | |
| oracle | enterprise_repository | 12.1.3.0.0 | |
| oracle | goldengate_for_big_data | 12.2.0.1 | |
| oracle | goldengate_for_big_data | 12.3.1.1 | |
| oracle | goldengate_for_big_data | 12.3.2.1 | |
| oracle | health_sciences_information_manager | 3.0 | |
| oracle | healthcare_master_person_index | 3.0 | |
| oracle | healthcare_master_person_index | 4.0 | |
| oracle | hospitality_guest_access | 4.2.0 | |
| oracle | hospitality_guest_access | 4.2.1 | |
| oracle | insurance_calculation_engine | 10.1.1 | |
| oracle | insurance_calculation_engine | 10.2 | |
| oracle | insurance_calculation_engine | 10.2.1 | |
| oracle | insurance_policy_administration | 10.0 | |
| oracle | insurance_policy_administration | 10.1 | |
| oracle | insurance_policy_administration | 10.2 | |
| oracle | insurance_policy_administration | 11.0 | |
| oracle | insurance_rules_palette | 10.0 | |
| oracle | insurance_rules_palette | 10.1 | |
| oracle | insurance_rules_palette | 10.2 | |
| oracle | insurance_rules_palette | 11.0 | |
| oracle | insurance_rules_palette | 11.1 | |
| oracle | micros_lucas | 2.9.5 | |
| oracle | mysql_enterprise_monitor | * | |
| oracle | peoplesoft_enterprise_fin_install | 9.2 | |
| oracle | retail_assortment_planning | 14.1 | |
| oracle | retail_assortment_planning | 15.0 | |
| oracle | retail_assortment_planning | 16.0 | |
| oracle | retail_back_office | 14.0 | |
| oracle | retail_back_office | 14.1 | |
| oracle | retail_central_office | 14.0 | |
| oracle | retail_central_office | 14.1 | |
| oracle | retail_customer_insights | 15.0 | |
| oracle | retail_customer_insights | 16.0 | |
| oracle | retail_financial_integration | 13.2 | |
| oracle | retail_financial_integration | 14.0 | |
| oracle | retail_financial_integration | 14.1 | |
| oracle | retail_financial_integration | 15.0 | |
| oracle | retail_financial_integration | 16.0 | |
| oracle | retail_integration_bus | 14.1.2 | |
| oracle | retail_point-of-service | 14.0 | |
| oracle | retail_point-of-service | 14.1 | |
| oracle | retail_returns_management | 14.0 | |
| oracle | retail_returns_management | 14.1 | |
| oracle | retail_xstore_point_of_service | 17.0 | |
| oracle | service_architecture_leveraging_tuxedo | 12.1.3.0.0 | |
| oracle | service_architecture_leveraging_tuxedo | 12.2.2.0.0 | |
| oracle | tape_library_acsls | 8.4 | |
| oracle | weblogic_server | 10.3.6.0 | |
| oracle | weblogic_server | 12.1.3.0 | |
| oracle | weblogic_server | 12.2.1.2 | |
| oracle | weblogic_server | 12.2.1.3 | |
| netapp | oncommand_insight | - | |
| netapp | oncommand_unified_manager | * | |
| netapp | oncommand_unified_manager | * | |
| netapp | oncommand_workflow_automation | - | |
| netapp | snapcenter | - | |
| netapp | storage_automation_store | - | |
| redhat | fuse | 7.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:spring_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82F4C00B-9F3D-46D2-B10A-204BD055BA5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_framework:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1733D2EB-D792-4566-92BF-DD9EA301B2A2",
"vulnerable": true
}
],
"negate": false,
"operator": "AND"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D14ABF04-E460-4911-9C6C-B7BCEFE68E9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CCF62B0C-A8BD-40E6-9E4E-E684F4E87ACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ED43772F-D280-42F6-A292-7198284D6FE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54634303-BC07-41EF-8C4A-D64D9A32A40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17EA8B91-7634-4636-B647-1049BA7CA088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B4DF46F-DBCC-41F2-A260-F83A14838F23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "10F17843-32EA-4C31-B65C-F424447BEF7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00280604-1DC1-4974-BF73-216C5D76FFA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC361999-AAD8-4CB3-B00E-E3990C3529B4",
"versionEndExcluding": "7.0.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF5A0F0D-313D-4F5C-AD6D-8C118D5CD8D8",
"versionEndExcluding": "8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD748C9-24F6-4739-9772-208B98616EE2",
"versionEndIncluding": "7.3.6",
"versionStartIncluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "468931C8-C76A-4E47-BF00-185D85F719C5",
"versionEndExcluding": "10.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97C1FA4C-5163-420C-A01A-EA36F1039BBB",
"versionEndExcluding": "6.1.0.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B65CD29-C729-42AC-925E-014BA19581E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E856B4A-6AE7-4317-921A-35B4D2048652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51C25F23-6800-48A2-881C-C2A2C3FA045C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE12B6A4-E128-41EC-8017-558F50B961BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "69300B13-8C0F-4433-A6E8-B2CE32C4723D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9E13DD9-F456-4802-84AD-A2A1F12FE999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C4A89F2-713D-4A36-9D28-22748D30E0FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDFABB2C-2FA2-4F83-985B-7FCEAF274418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A609003-8687-40B4-8AC3-06A1534ADE30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9027528A-4FE7-4E3C-B2DF-CCCED22128F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2A699D02-296B-411E-9658-5893240605D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7036576C-2B1F-413D-B154-2DBF9BFDE7E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE4B2F0-1AAB-4A1F-AE86-A568D43891B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "641D134E-6C51-4DB8-8554-F6B5222EF479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C79B50C2-27C2-4A9C-ACEE-B70015283F58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED4F724-C92F-4B4F-B631-81A4EA706DB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "900450EB-A71D-4A8E-B8C4-AFD36F9A36B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68017B52-6597-4E32-A38F-634B5635568C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A19D11A6-BA1D-4121-8686-C177C450777F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB6321F8-7A0A-4DB8-9889-3527023C652A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25F8E604-8180-4728-AD2D-7FF034E3E65A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02867DC7-E669-43C0-ACC4-E1CAA8B9994C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FBAFA631-C92B-4FF7-8E65-07C67789EBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9652104A-119D-4327-A937-8BED23C23861",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_lucas:2.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "98EE20FD-3D21-4E23-95B8-7BD13816EB95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D863326-7106-4A08-9072-C72029584403",
"versionEndIncluding": "8.0.2.8191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_fin_install:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B21E71BD-DD38-4634-BF9F-092D55000DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_assortment_planning:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "921B7906-A20A-4313-9398-D542A4198BBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D09C6958-DD7C-4B43-B7F0-4EE65ED5B582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBFE031-4BD1-4501-AC62-DC0AFC2167B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "31C7EEA3-AA72-48DA-A112-2923DBB37773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83B5F416-56AE-4DC5-BCFF-49702463E716",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD4AB77A-E829-4603-AF6A-97B9CD0D687F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE15D64-6F49-4F43-8079-0C7827384C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ACB5604C-69AF-459D-A82D-8A3B78CF2655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "655CF3AE-B649-4282-B727-8B3C5D829C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53CFE454-3E73-4A88-ABEE-322139B169A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "457C8C66-FB0C-4532-9027-8777CF42D17A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF2B9DA6-2937-4574-90DF-09FD770B23D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "20357086-0C32-44B5-A1FA-79283E88FB47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "237968A4-AE89-44DC-8BA3-D9651F88883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "959316A8-C3AF-4126-A242-3835ED0AD1E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "909A7F73-0164-471B-8EBD-1F70072E9809",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE08DC9-5153-48D6-B23C-68A632FF8FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "70D4467D-6968-4557-AF61-AFD42B2B48D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0ABB9BAD-9BBD-4B2D-A0ED-7898812B9446",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F745235C-55A9-4353-A4CB-4B7834BDD63F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE3D682-1434-4789-8B43-679AE86533FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBFF04EF-B1C3-4601-878A-35EA6A15EF0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "6AADE2A6-B78C-4B9C-8FAB-58DB50F69D84",
"versionStartIncluding": "7.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
"matchCriteriaId": "7E49ACFC-FD48-4ED7-86E8-68B5B753852C",
"versionStartIncluding": "9.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:fuse:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "407B62F8-F1D8-403D-B342-9EF06D6F128B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted."
},
{
"lang": "es",
"value": "La versi\u00f3n 5.0.5 de Spring Framework, cuando se utiliza en combinaci\u00f3n con cualquier versi\u00f3n de Spring Security, contiene un omisi\u00f3n de autorizaci\u00f3n cuando se utiliza la seguridad del m\u00e9todo. Un usuario malicioso no autorizado puede obtener acceso no autorizado a m\u00e9todos que deben ser restringidos."
}
],
"id": "CVE-2018-1258",
"lastModified": "2024-11-21T03:59:28.953",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-11T20:29:00.260",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104222"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041888"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041896"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2413"
},
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2018-1258"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2018-1258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…