Search

Find a vulnerability

Search criteria

    1 vulnerability found for Spring Security by Greenplum

    JVNDB-2018-000008

    Vulnerability from jvndb - Published: 2018-02-02 12:28 - Updated:2018-06-14 13:48
    Severity
    Summary
    Spring Security and Spring Framework vulnerable to authentication bypass
    Details
    Spring Framework and Spring Security provided by Pivotal Software, Inc. contain an authentication bypass vulnerability. Macchinetta Framework Development Team : NTT COMWARE, NTT DATA Corporation, and NTT reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000008.html",
      "dc:date": "2018-06-14T13:48+09:00",
      "dcterms:issued": "2018-02-02T12:28+09:00",
      "dcterms:modified": "2018-06-14T13:48+09:00",
      "description": "Spring Framework and Spring Security provided by Pivotal Software, Inc. contain an authentication bypass vulnerability.\r\n\r\nMacchinetta Framework Development Team : NTT COMWARE, NTT DATA Corporation, and NTT reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000008.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:greenplum:spring_framework",
          "@product": "Spring Framework",
          "@vendor": "Greenplum",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:greenplum:spring_security",
          "@product": "Spring Security",
          "@vendor": "Greenplum",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "5.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "5.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2018-000008",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN15643848/index.html",
          "@id": "JVN#15643848",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1199",
          "@id": "CVE-2018-1199",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-1199",
          "@id": "CVE-2018-1199",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-287",
          "@title": "Improper Authentication(CWE-287)"
        }
      ],
      "title": "Spring Security and Spring Framework vulnerable to authentication bypass"
    }