Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cnvdChina National Vulnerability DatabaseCNVD-2024-09335
HistoryFeb 21, 2024 - 12:00 a.m.

Access Control Error Vulnerability in Spring Security

2024-02-2100:00:00
China National Vulnerability Database
www.cnvd.org.cn
23
spring security
enterprise applications
declarative security
access control
spring ioc
di
aop
vulnerability
authentication
authorization bypass
exploitation

AI Score

7.5

Confidence

Low

EPSS

0

Percentile

9.0%

JSON

Spring Security is a Spring-based enterprise applications can provide a declarative security access control solution for the security framework . It provides a set of beans that can be configured in the Spring application context , taking full advantage of the Spring IoC, DI (Control Inversion Inversion of Control ,DI: Dependency Injection Dependency Injection) and AOP (for the cutting-edge programming) functionality for the application system to provide a declarative security access control functionality , reducing the work of writing a large number of repetitive code for enterprise system security control . Spring Security has an Access Control Error vulnerability that can be exploited by attackers for authentication and authorization bypass.

Related

cvelist 1
prion 1
veracode 1
github 1
nvd 1
cve 1
vulnrichment 1
osv 1
redhatcve 1
githubexploit 1
redhat 2
ibm 3
oracle 1
cvelist
cvelist
CVE-2024-22234 CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
2024-02-20 07:02:50
prion
prion
Improper access control
2024-02-20 07:15:00
veracode
veracode
Broken Access Control
2024-02-21 06:57:47
github
github
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
2024-02-20 09:30:30
nvd
nvd
CVE-2024-22234
2024-02-20 07:15:09
cve
cve
CVE-2024-22234
2024-02-20 07:15:09
vulnrichment
vulnrichment
CVE-2024-22234 CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
2024-02-20 07:02:50
osv
osv
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
2024-02-20 09:30:30
redhatcve
redhatcve
CVE-2024-22234
2024-02-20 19:49:42
githubexploit
githubexploit
Exploit for CVE-2024-22234
2024-02-23 10:09:51
redhat
redhat
(RHSA-2024:3550) Important: HawtIO 4.0.0 for Red Hat build of Apache Camel 4 Release and security update.
2024-06-03 11:50:58
(RHSA-2024:6667) Important: Red Hat OpenShift Dev Spaces 3.16.0 release
2024-09-12 20:17:28
ibm
ibm
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 1.14.4 IF001
2024-05-14 20:42:21
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
2024-04-10 09:27:08
Security Bulletin: IBM Cloud Pak for Network Automation 2.7.5 addresses multiple security vulnerabilities.
2024-08-28 19:14:53
oracle
oracle
Oracle Critical Patch Update Advisory - July 2024
2024-07-16 00:00:00

AI Score

7.5

Confidence

Low

EPSS

0

Percentile

9.0%

JSON
Related for CNVD-2024-09335
cvelist1prion1veracode1github1nvd1cve1vulnrichment1osv1redhatcve1githubexploit1redhat2ibm3oracle1