Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
21 Nov 2024, 03:59
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html - Patch, Third Party Advisory | |
References | () http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html - Patch, Third Party Advisory | |
References | () http://www.securityfocus.com/bid/104222 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1041888 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1041896 - Third Party Advisory, VDB Entry | |
References | () https://access.redhat.com/errata/RHSA-2019:2413 - Patch, Third Party Advisory | |
References | () https://pivotal.io/security/cve-2018-1258 - Vendor Advisory | |
References | () https://security.netapp.com/advisory/ntap-20181018-0002/ - Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuapr2020.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpujan2020.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpujan2021.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpujul2020.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html - Patch, Third Party Advisory |
Information
Published : 2018-05-11 20:29
Updated : 2024-11-21 03:59
NVD link : CVE-2018-1258
Mitre link : CVE-2018-1258
CVE.ORG link : CVE-2018-1258
JSON object : View
Products Affected
oracle
- communications_services_gatekeeper
- enterprise_repository
- endeca_information_discovery_integrator
- insurance_policy_administration
- peoplesoft_enterprise_fin_install
- communications_converged_application_server
- retail_financial_integration
- healthcare_master_person_index
- application_testing_suite
- retail_point-of-service
- agile_plm
- communications_network_integrity
- weblogic_server
- retail_back_office
- communications_performance_intelligence_center
- service_architecture_leveraging_tuxedo
- retail_central_office
- enterprise_manager_for_mysql_database
- insurance_rules_palette
- big_data_discovery
- enterprise_manager_ops_center
- retail_assortment_planning
- goldengate_for_big_data
- micros_lucas
- health_sciences_information_manager
- insurance_calculation_engine
- communications_diameter_signaling_router
- mysql_enterprise_monitor
- retail_integration_bus
- tape_library_acsls
- retail_customer_insights
- hospitality_guest_access
- retail_xstore_point_of_service
- retail_returns_management
netapp
- oncommand_unified_manager
- storage_automation_store
- oncommand_insight
- snapcenter
- oncommand_workflow_automation
redhat
- fuse
pivotal_software
- spring_security
vmware
- spring_framework
CWE
CWE-863
Incorrect Authorization