Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2018-1258

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.

CVSS v3:

  • Severity: High
  • Score: 8.8
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

Software From Fixed in
pivotal_software / spring_security - -
vmware / spring_framework 5.0.5 5.0.5.x
oracle / weblogic_server 12.2.1.2 12.2.1.2.x
oracle / enterprise_manager_ops_center 12.2.2 12.2.2.x
oracle / weblogic_server 12.1.3.0 12.1.3.0.x
oracle / weblogic_server 10.3.6.0 10.3.6.0.x
oracle / enterprise_repository 12.1.3.0.0 12.1.3.0.0.x
oracle / enterprise_repository 11.1.1.7.0 11.1.1.7.0.x
oracle / application_testing_suite 12.5.0.3 12.5.0.3.x
oracle / retail_back_office 14.1 14.1.x
oracle / retail_back_office 14.0 14.0.x
oracle / hospitality_guest_access 4.2.0 4.2.0.x
oracle / hospitality_guest_access 4.2.1 4.2.1.x
oracle / enterprise_manager_ops_center 12.3.3 12.3.3.x
oracle / weblogic_server 12.2.1.3 12.2.1.3.x
oracle / endeca_information_discovery_integrator 3.2.0 3.2.0.x
oracle / endeca_information_discovery_integrator 3.1.0 3.1.0.x
oracle / application_testing_suite 13.1.0.1 13.1.0.1.x
oracle / application_testing_suite 13.2.0.1 13.2.0.1.x
oracle / application_testing_suite 13.3.0.1 13.3.0.1.x
oracle / communications_diameter_signaling_router - 8.3
oracle / communications_performance_intelligence_center - 10.2.1
oracle / insurance_rules_palette 10.0 10.0.x
oracle / insurance_rules_palette 10.2 10.2.x
oracle / communications_services_gatekeeper - 6.1.0.4.0
oracle / health_sciences_information_manager 3.0 3.0.x
oracle / healthcare_master_person_index 3.0 3.0.x
oracle / healthcare_master_person_index 4.0 4.0.x
oracle / insurance_calculation_engine 10.2 10.2.x
oracle / retail_customer_insights 15.0 15.0.x
oracle / retail_customer_insights 16.0 16.0.x
oracle / tape_library_acsls 8.4 8.4.x
oracle / communications_converged_application_server - 7.0.0.1
oracle / service_architecture_leveraging_tuxedo 12.1.3.0.0 12.1.3.0.0.x
oracle / service_architecture_leveraging_tuxedo 12.2.2.0.0 12.2.2.0.0.x
oracle / insurance_calculation_engine 10.2.1 10.2.1.x
oracle / insurance_calculation_engine 10.1.1 10.1.1.x
oracle / insurance_rules_palette 10.1 10.1.x
oracle / insurance_rules_palette 11.0 11.0.x
oracle / insurance_rules_palette 11.1 11.1.x
oracle / big_data_discovery 1.6.0 1.6.0.x
oracle / goldengate_for_big_data 12.2.0.1 12.2.0.1.x
oracle / goldengate_for_big_data 12.3.1.1 12.3.1.1.x
oracle / goldengate_for_big_data 12.3.2.1 12.3.2.1.x
oracle / enterprise_manager_for_mysql_database 13.2 13.2.x
oracle / retail_integration_bus 14.1.2 14.1.2.x
oracle / retail_returns_management 14.0 14.0.x
oracle / retail_returns_management 14.1 14.1.x
oracle / retail_central_office 14.0 14.0.x
oracle / retail_central_office 14.1 14.1.x
oracle / retail_assortment_planning 15.0 15.0.x
oracle / retail_point-of-service 14.1 14.1.x
oracle / retail_point-of-service 14.0 14.0.x
oracle / peoplesoft_enterprise_fin_install 9.2 9.2.x
oracle / insurance_policy_administration 10.0 10.0.x
oracle / insurance_policy_administration 10.1 10.1.x
oracle / insurance_policy_administration 10.2 10.2.x
oracle / insurance_policy_administration 11.0 11.0.x
oracle / agile_plm 9.3.3 9.3.3.x
oracle / agile_plm 9.3.4 9.3.4.x
oracle / agile_plm 9.3.5 9.3.5.x
oracle / agile_plm 9.3.6 9.3.6.x
oracle / retail_assortment_planning 14.1 14.1.x
oracle / retail_assortment_planning 16.0 16.0.x
oracle / retail_financial_integration 13.2 13.2.x
oracle / retail_financial_integration 14.0 14.0.x
oracle / retail_financial_integration 14.1 14.1.x
oracle / retail_financial_integration 15.0 15.0.x
oracle / retail_financial_integration 16.0 16.0.x
oracle / micros_lucas 2.9.5 2.9.5.x
oracle / mysql_enterprise_monitor - 8.0.2.8191.x
oracle / application_testing_suite 10.1 10.1.x
oracle / retail_xstore_point_of_service 17.0 17.0.x
oracle / communications_network_integrity 7.3.2 7.3.6.x
netapp / oncommand_unified_manager 7.3 7.3.x
netapp / oncommand_unified_manager 9.4 9.4.x
redhat / fuse 7.3.0 7.3.0.x
org.springframework / spring-core 5.0.5.RELEASE 5.0.5.release.x
org.springframework / spring-core 5.0.5.RELEASE 5.0.6.RELEASE