CVE-2018-1258
Description
Spring Framework version 5.0.5, when used in combination with any version of Spring Security, contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.348
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities affected in Oracle WebLogic Server 12.2.1.3 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.3 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.1.3.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.3.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 10.3.6.0 | Windows |
| Vulnerabilities CVE-2018-1258 are fixed in Springframework-core 5.0.6 | Windows |
| Multiple Vulnerabilities are affected in Netapp Snapcenter - | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Workflow Automation - | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Insight - | Windows |
| Vulnerabilities CVE-2018-1258 are fixed in Springframework-core for Linux 5.0.6 | Linux |
| Incorrect Authorization Vulnerability (CVE-2018-1258) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234