Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
11 Apr 2022, 17:18
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:vmware:spring_framework:5.0.5:*:*:*:*:*:*:* | |
First Time |
Vmware
Vmware spring Framework |
16 Dec 2021, 18:21
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:fuse:7.3.0:*:*:*:*:*:*:* |
|
References | (MISC) https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Patch, Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:2413 - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujul2020.html - Patch, Third Party Advisory | |
References | (N/A) https://www.oracle.com/security-alerts/cpuapr2020.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2020.html - Patch, Third Party Advisory |
20 Oct 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Jan 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2018-05-11 20:29
Updated : 2023-12-10 12:30
NVD link : CVE-2018-1258
Mitre link : CVE-2018-1258
CVE.ORG link : CVE-2018-1258
JSON object : View
Products Affected
oracle
- communications_performance_intelligence_center
- communications_converged_application_server
- insurance_calculation_engine
- weblogic_server
- goldengate_for_big_data
- communications_services_gatekeeper
- hospitality_guest_access
- health_sciences_information_manager
- retail_central_office
- communications_diameter_signaling_router
- retail_point-of-service
- insurance_rules_palette
- enterprise_repository
- enterprise_manager_ops_center
- tape_library_acsls
- retail_back_office
- mysql_enterprise_monitor
- retail_assortment_planning
- agile_plm
- insurance_policy_administration
- micros_lucas
- enterprise_manager_for_mysql_database
- communications_network_integrity
- healthcare_master_person_index
- service_architecture_leveraging_tuxedo
- retail_xstore_point_of_service
- endeca_information_discovery_integrator
- retail_customer_insights
- application_testing_suite
- big_data_discovery
- retail_financial_integration
- retail_returns_management
- peoplesoft_enterprise_fin_install
- retail_integration_bus
netapp
- snapcenter
- oncommand_unified_manager
- oncommand_workflow_automation
- oncommand_insight
- storage_automation_store
redhat
- fuse
pivotal_software
- spring_security
vmware
- spring_framework
CWE
CWE-863
Incorrect Authorization