CVE-2010-3700
Description
VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.
Risk Information
Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C
EPSS Score
Exploitation Probability
0.248
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update websphere_application_server 7.0 to latest version | Windows |
| CVE-2010-3700 is fixed in Spring-security-core 2.0.6 | Windows |
| CVE-2010-3700 is fixed in Spring-security-core 3.0.4 | Windows |
| CVE-2010-3700 affects Acegisecurity - acegi-security 1.0.7 | Windows |
| CVE-2010-3700 is fixed in Spring-security-core for Linux 2.0.6 | Linux |
| CVE-2010-3700 is fixed in Spring-security-core for Linux 3.0.4 | Linux |
| CVE-2010-3700 affects Acegisecurity - acegi-security for Linux 1.0.7 | Linux |
Patch Details
No records found