Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
No history.
Information
Published : 2018-05-11 20:29
Updated : 2024-02-28 16:25
NVD link : CVE-2018-1258
Mitre link : CVE-2018-1258
CVE.ORG link : CVE-2018-1258
JSON object : View
Products Affected
oracle
- communications_diameter_signaling_router
- retail_central_office
- application_testing_suite
- retail_integration_bus
- retail_customer_insights
- enterprise_manager_ops_center
- service_architecture_leveraging_tuxedo
- communications_network_integrity
- communications_performance_intelligence_center
- retail_xstore_point_of_service
- retail_point-of-service
- peoplesoft_enterprise_fin_install
- health_sciences_information_manager
- communications_converged_application_server
- big_data_discovery
- enterprise_repository
- retail_returns_management
- goldengate_for_big_data
- retail_back_office
- insurance_calculation_engine
- hospitality_guest_access
- insurance_rules_palette
- retail_financial_integration
- endeca_information_discovery_integrator
- tape_library_acsls
- insurance_policy_administration
- mysql_enterprise_monitor
- retail_assortment_planning
- healthcare_master_person_index
- agile_plm
- enterprise_manager_for_mysql_database
- weblogic_server
- communications_services_gatekeeper
- micros_lucas
pivotal_software
- spring_security
netapp
- storage_automation_store
- oncommand_insight
- oncommand_unified_manager
- snapcenter
- oncommand_workflow_automation
redhat
- fuse
vmware
- spring_framework
CWE
CWE-863
Incorrect Authorization