Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
No history.
Information
Published : 2018-05-11 20:29
Updated : 2024-02-28 16:25
NVD link : CVE-2018-1258
Mitre link : CVE-2018-1258
CVE.ORG link : CVE-2018-1258
JSON object : View
Products Affected
oracle
- peoplesoft_enterprise_fin_install
- endeca_information_discovery_integrator
- retail_point-of-service
- communications_network_integrity
- retail_integration_bus
- insurance_rules_palette
- enterprise_repository
- application_testing_suite
- communications_diameter_signaling_router
- big_data_discovery
- retail_xstore_point_of_service
- goldengate_for_big_data
- weblogic_server
- hospitality_guest_access
- communications_performance_intelligence_center
- retail_central_office
- insurance_policy_administration
- healthcare_master_person_index
- agile_plm
- communications_converged_application_server
- enterprise_manager_ops_center
- retail_back_office
- service_architecture_leveraging_tuxedo
- mysql_enterprise_monitor
- communications_services_gatekeeper
- retail_returns_management
- retail_financial_integration
- micros_lucas
- retail_assortment_planning
- retail_customer_insights
- insurance_calculation_engine
- tape_library_acsls
- enterprise_manager_for_mysql_database
- health_sciences_information_manager
netapp
- oncommand_unified_manager
- storage_automation_store
- snapcenter
- oncommand_workflow_automation
- oncommand_insight
pivotal_software
- spring_security
vmware
- spring_framework
redhat
- fuse
CWE
CWE-863
Incorrect Authorization