Vulnerability CVE-2018-1258


Published: 2018-05-11   Modified: 2018-05-12

Description:
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.

Type:

CWE-863 (Incorrect Authorization)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

Overall CVSS score: 6.5/10
Impact: 6.4/10
Exploitability: 8/10
Required access: Remote
Attack complexity: Low
Authentication: Single
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software
Pivotal software -> Spring framework 
Pivotal software -> Spring security 
Oracle -> Agile plm 
Oracle -> Retail integration bus 
Oracle -> Big data discovery 
Oracle -> Retail point-of-service 
Oracle -> Application testing suite 
Oracle -> Endeca information discovery integrator 
Oracle -> Retail returns management 
Oracle -> Communications diameter signaling router 
Oracle -> Enterprise manager for mysql database 
Oracle -> Weblogic server 
Oracle -> Health sciences information manager 
Oracle -> Enterprise manager ops center 
Oracle -> Healthcare master person index 
Oracle -> Enterprise repository 
Oracle -> Insurance calculation engine 
Oracle -> Goldengate for big data 
Oracle -> Insurance rules palette 
Oracle -> Hospitality guest access 
Oracle -> Retail customer insights 
Oracle -> Insurance policy administration 
Oracle -> Service architecture leveraging tuxedo 
Oracle -> Micros lucas 
Oracle -> Tape library acsls 
Oracle -> Mysql enterprise monitor 
Oracle -> Peoplesoft enterprise fin install 
Oracle -> Retail assortment planning 
Oracle -> Retail back office 
Oracle -> Retail central office 
Oracle -> Retail financial integration 
Netapp -> Oncommand insight 
Netapp -> Oncommand workflow automation 
Netapp -> Snapcenter 
Netapp -> Storage automation store 

References:
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/104222
http://www.securitytracker.com/id/1041888
http://www.securitytracker.com/id/1041896
https://access.redhat.com/errata/RHSA-2019:2413
https://pivotal.io/security/cve-2018-1258
https://security.netapp.com/advisory/ntap-20181018-0002/
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Copyright 2021, cxsecurity.com
