Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM2015BB1F11481A9524CD82B1C73C1AA36AC4BB126D40C5AB8F28A17F0A965A22
HistorySep 28, 2018 - 4:30 a.m.

Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability

2018-09-2804:30:01
www.ibm.com
13

0.259 Low

EPSS

Percentile

96.7%

JSON

Summary

IBM Security Guardium has addressed the following vulnerabilities.

Vulnerability Details

CVEID: CVE-2017-8039 DESCRIPTION: Pivotal Spring Web Flow could provide weaker than expected security, caused by an error related to applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property. An attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135398&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2017-4971 DESCRIPTION: Pivotal Spring Web Flow could provide weaker than expected, caused by an error related to applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property. An attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/127748&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2016-9878 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize paths provided to ResourceServlet. An attacker could send a specially-crafted URL request containing directory traversal sequences to view arbitrary files on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120241&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected IBM Security Guardium

|

Affected Versions

—|—
IBM Security Guardium | 10.5

Remediation/Fixes

Product

|

VRMF

|

Remediation / First Fix

—|—|—
IBM Security Guardium | 10.5 | https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FInfoSphere+Guardium&amp;fixids=SqlGuard_10.0p512_Sep-24-2018&amp;source=SAR&amp;function=fixId&amp;parent=IBM Security

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm security guardiumeq10.5

Related

cve 3
nvd 3
prion 3
redhatcve 3
osv 7
nessus 6
cvelist 3
github 3
ubuntucve 1
veracode 3
debiancve 1
fedora 1
openvas 3
seebug 1
myhack58 2
checkpoint_advisories 1
ibm 9
redhat 1
debian 1
atlassian 1
ubuntu 1
oracle 4
cve
cve
CVE-2017-8039
2017-11-27 10:29:00
CVE-2016-9878
2016-12-29 09:59:00
CVE-2017-4971
2017-06-13 06:29:00
nvd
nvd
CVE-2017-8039
2017-11-27 10:29:00
CVE-2016-9878
2016-12-29 09:59:00
CVE-2017-4971
2017-06-13 06:29:00
prion
prion
Design/Logic Flaw
2017-11-27 10:29:00
Directory traversal
2016-12-29 09:59:00
Design/Logic Flaw
2017-06-13 06:29:00
redhatcve
redhatcve
CVE-2017-8039
2017-09-22 08:49:30
CVE-2016-9878
2016-12-22 11:17:24
CVE-2017-4971
2017-06-01 07:19:48
osv
osv
CVE-2017-8039
2017-11-27 10:29:00
Insecure Default Initialization of Resource in Pivotal Spring Web Flow
2022-05-13 01:47:15
Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized
2018-10-04 20:29:55
nessus
nessus
RHEL 7 : spring-webflow (Unpatched Vulnerability)
2024-05-11 00:00:00
Fedora 25 : springframework (2016-f341d71730)
2017-01-03 00:00:00
MySQL Enterprise Monitor 3.3.x < 3.3.9.3339 / 3.4.x < 3.4.7.4296 / 4.0.x < 4.0.4.5233 Multiple Vulnerabilities (April 2018 CPU)
2018-08-09 00:00:00
cvelist
cvelist
CVE-2017-8039
2017-11-27 10:00:00
CVE-2016-9878
2016-12-29 09:02:00
CVE-2017-4971
2017-06-13 06:00:00
github
github
Insecure Default Initialization of Resource in Pivotal Spring Web Flow
2022-05-13 01:47:15
Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized
2018-10-04 20:29:55
Insecure Default Initialization of Resource in Pivotal Spring Web Flow
2022-05-13 01:45:59
ubuntucve
ubuntucve
CVE-2016-9878
2016-12-29 00:00:00
veracode
veracode
Directory Traversal
2016-12-28 07:29:41
Data Binding Expression Vulnerability
2017-09-18 04:54:49
Data Binding Expression Vulnerability
2017-06-06 03:27:56
debiancve
debiancve
CVE-2016-9878
2016-12-29 09:59:00
fedora
fedora
[SECURITY] Fedora 25 Update: springframework-3.2.18-1.fc25
2017-01-01 21:51:55
openvas
openvas
Fedora Update for springframework FEDORA-2016-f341d71730
2017-01-04 00:00:00
Debian: Security Advisory (DLA-1853-1)
2019-07-14 00:00:00
Ubuntu: Security Advisory (USN-4774-1)
2023-01-27 00:00:00
seebug
seebug
Pivotal Spring Web Flow Security Bypass Vulnerability(CVE-2017-4971)
2017-06-12 00:00:00
myhack58
myhack58
CVE-2017-4971: Spring WebFlow remote code execution vulnerability analysis-vulnerability warning-the black bar safety net
2017-06-12 00:00:00
Spring WebFlow remote code execution vulnerability analysis(CVE-2017-4971)-vulnerability warning-the black bar safety net
2017-06-12 00:00:00
checkpoint_advisories
checkpoint_advisories
Spring Web Flow SPEL Command Injection (CVE-2017-4971) - Ver2
2018-04-11 00:00:00
ibm
ibm
Security Bulletin: IBM QRadar SIEM contains vulnerable components and libraries. (CVE-2016-5007, CVE-2016-9878)
2018-06-16 22:06:30
Security Bulletin: IBM Sterling B2B Integrator vulnerable to multiple vulnerabilities due to Spring Framework
2022-05-13 14:58:22
Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is vulnerable to using Components with Known Vulnerabilities
2018-06-16 22:05:41
redhat
redhat
(RHSA-2017:3115) Moderate: Red Hat JBoss Fuse/A-MQ 6.3 R5 security and bug fix update
2017-11-02 20:06:29
debian
debian
[SECURITY] [DLA 1853-1] libspring-java security update
2019-07-13 21:20:48
atlassian
atlassian
Insecure version of Spring Web MVC used in Confluence Analytics
2020-02-19 22:31:10
ubuntu
ubuntu
Spring Framework vulnerabilities
2021-03-17 00:00:00
oracle
oracle
Oracle Critical Patch Update - April 2018
2018-04-17 00:00:00
Oracle Critical Patch Update - January 2018
2018-01-16 00:00:00
Oracle Critical Patch Update Advisory - July 2019
2019-07-16 00:00:00

0.259 Low

EPSS

Percentile

96.7%

JSON
Related for 2015BB1F11481A9524CD82B1C73C1AA36AC4BB126D40C5AB8F28A17F0A965A22
cve3nvd3prion3redhatcve3osv7nessus6cvelist3github3ubuntucve1veracode3debiancve1fedora1openvas3seebug1myhack582checkpoint_advisories1ibm9redhat1debian1atlassian1ubuntu1oracle4