8.2
CVE-2024-22257
- EPSS 0.26%
- Published 18.03.2024 15:15:41
- Last modified 13.02.2025 18:16:47
- Source security@vmware.com
- Teams watchlist Login
- Open Login
In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Vendorpivotal_software
≫
Product
spring_security
Default Statusunknown
Version <=
5.7.11
Version
5.7.0
Status
affected
Version <=
5.8.10
Version
5.8.0
Status
affected
Version <=
6.0.9
Version
6.0.0
Status
affected
Version <=
6.1.7
Version
6.1.0
Status
affected
Version <=
6.2.2
Version
6.2.0
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.496 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| security@vmware.com | 8.2 | 3.9 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.