CVE-2018-1258

EPSS 0.16%
Published 11.05.2018 20:29:00
Last modified 21.11.2024 03:59:28
Source security_alert@emc.com
Teams watchlist Login
Open Login

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.

Affected products Warnungen 0 Metrics 3 CWE 1 References 19

Data is provided by the National Vulnerability Database (NVD)

Pivotal Software ≫ Spring Security

VMware ≫ Spring Framework Version5.0.5

Oracle ≫ Agile Plm Version9.3.3

Oracle ≫ Agile Plm Version9.3.4

Oracle ≫ Agile Plm Version9.3.5

Oracle ≫ Agile Plm Version9.3.6

Oracle ≫ Application Testing Suite Version10.1

Oracle ≫ Application Testing Suite Version12.5.0.3

Oracle ≫ Application Testing Suite Version13.1.0.1

Oracle ≫ Application Testing Suite Version13.2.0.1

Oracle ≫ Application Testing Suite Version13.3.0.1

Oracle ≫ Big Data Discovery Version1.6.0

Oracle ≫ Communications Converged Application Server Version < 7.0.0.1

Oracle ≫ Communications Diameter Signaling Router Version < 8.3

Oracle ≫ Communications Network Integrity Version >= 7.3.2 <= 7.3.6

Oracle ≫ Communications Performance Intelligence Center Version < 10.2.1

Oracle ≫ Communications Services Gatekeeper Version < 6.1.0.4.0

Oracle ≫ Endeca Information Discovery Integrator Version3.1.0

Oracle ≫ Endeca Information Discovery Integrator Version3.2.0

Oracle ≫ Enterprise Manager For Mysql Database Version13.2

Oracle ≫ Enterprise Manager Ops Center Version12.2.2

Oracle ≫ Enterprise Manager Ops Center Version12.3.3

Oracle ≫ Enterprise Repository Version11.1.1.7.0

Oracle ≫ Enterprise Repository Version12.1.3.0.0

Oracle ≫ Goldengate For Big Data Version12.2.0.1

Oracle ≫ Goldengate For Big Data Version12.3.1.1

Oracle ≫ Goldengate For Big Data Version12.3.2.1

Oracle ≫ Health Sciences Information Manager Version3.0

Oracle ≫ Healthcare Master Person Index Version3.0

Oracle ≫ Healthcare Master Person Index Version4.0

Oracle ≫ Hospitality Guest Access Version4.2.0

Oracle ≫ Hospitality Guest Access Version4.2.1

Oracle ≫ Insurance Calculation Engine Version10.1.1

Oracle ≫ Insurance Calculation Engine Version10.2

Oracle ≫ Insurance Calculation Engine Version10.2.1

Oracle ≫ Insurance Policy Administration Version10.0

Oracle ≫ Insurance Policy Administration Version10.1

Oracle ≫ Insurance Policy Administration Version10.2

Oracle ≫ Insurance Policy Administration Version11.0

Oracle ≫ Insurance Rules Palette Version10.0

Oracle ≫ Insurance Rules Palette Version10.1

Oracle ≫ Insurance Rules Palette Version10.2

Oracle ≫ Insurance Rules Palette Version11.0

Oracle ≫ Insurance Rules Palette Version11.1

Oracle ≫ Micros Lucas Version2.9.5

Oracle ≫ Mysql Enterprise Monitor Version <= 8.0.2.8191

Oracle ≫ Peoplesoft Enterprise Fin Install Version9.2

Oracle ≫ Retail Assortment Planning Version14.1

Oracle ≫ Retail Assortment Planning Version15.0

Oracle ≫ Retail Assortment Planning Version16.0

Oracle ≫ Retail Back Office Version14.0

Oracle ≫ Retail Back Office Version14.1

Oracle ≫ Retail Central Office Version14.0

Oracle ≫ Retail Central Office Version14.1

Oracle ≫ Retail Customer Insights Version15.0

Oracle ≫ Retail Customer Insights Version16.0

Oracle ≫ Retail Financial Integration Version13.2

Oracle ≫ Retail Financial Integration Version14.0

Oracle ≫ Retail Financial Integration Version14.1

Oracle ≫ Retail Financial Integration Version15.0

Oracle ≫ Retail Financial Integration Version16.0

Oracle ≫ Retail Integration Bus Version14.1.2

Oracle ≫ Retail Point-of-service Version14.0

Oracle ≫ Retail Point-of-service Version14.1

Oracle ≫ Retail Returns Management Version14.0

Oracle ≫ Retail Returns Management Version14.1

Oracle ≫ Retail Xstore Point Of Service Version17.0

Oracle ≫ Service Architecture Leveraging Tuxedo Version12.1.3.0.0

Oracle ≫ Service Architecture Leveraging Tuxedo Version12.2.2.0.0

Oracle ≫ Tape Library Acsls Version8.4

Oracle ≫ Weblogic Server Version10.3.6.0

Oracle ≫ Weblogic Server Version12.1.3.0

Oracle ≫ Weblogic Server Version12.2.1.2

Oracle ≫ Weblogic Server Version12.2.1.3

Netapp ≫ Oncommand Insight Version-

Netapp ≫ Oncommand Unified Manager SwPlatformwindows Version >= 7.3

Netapp ≫ Oncommand Unified Manager SwPlatformvsphere Version >= 9.4

Netapp ≫ Oncommand Workflow Automation Version-

Netapp ≫ Snapcenter Version-

Netapp ≫ Storage Automation Store Version-

Redhat ≫ Fuse Version7.3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.16%	0.377

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Patch

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpujan2020.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpujan2021.html

Patch

Third Party Advisory