Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM834FA9D0C13CD4B657C6CF70F3E291876051CA04AA49DCEAB25A164D09C5D286
HistoryMar 07, 2019 - 3:30 p.m.

Security Bulletin: IBM Security Guardium is affected by Using Components with Known Vulnerabilities vulnerabilities

2019-03-0715:30:02
www.ibm.com
10

0.003 Low

EPSS

Percentile

68.5%

JSON

Summary

IBM Security Guardium has addressed the following vulnerabilities.

Vulnerability Details

CVEID: CVE-2016-5007 DESCRIPTION: Pivotal Spring Security and Spring Framework could provide weaker than expected security, caused by the difference in the strictness of the pattern matching mechanisms. An attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/126679 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2015-5211 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to download arbitrary files, caused by a reflected file download attack. By using a specially crafted URL with a batch script extension, an attacker could exploit this vulnerability to download a malicious response.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130673 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected IBM Security Guardium

|

Affected Versions

—|—
IBM Security Guardium | 10.5 - 10.6

Remediation/Fixes

Product

|

VRMF

|

Remediation / First Fix

—|—|—
IBM Security Guardium | 10.5 - 10.6 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=All&function=fixId&fixids=SqlGuard_10.0p610_Combined-Fix-Pack-for-GPU-600_2019-02-27&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Related

osv 7
nessus 5
fedora 3
openvas 5
github 3
cve 3
cvelist 3
debiancve 3
ubuntucve 3
redhatcve 2
prion 3
nvd 3
mageia 1
ibm 7
githubexploit 1
veracode 1
debian 1
ubuntu 1
atlassian 1
oracle 2
osv
osv
CVE-2016-5007
2017-05-25 17:29:00
Files or Directories Accessible to External Parties in org.springframework:spring-core
2018-10-17 20:29:33
Spring Security and Spring Framework may not recognize certain paths that should be protected
2018-10-17 20:30:12
nessus
nessus
Fedora 23 : springframework-3.2.15-1.fc23 (2015-065d9953e8)
2016-03-04 00:00:00
Fedora 22 : springframework-3.2.15-1.fc22 (2015-693035254a)
2016-03-04 00:00:00
Fedora 21 : springframework-3.2.15-1.fc21 (2015-9295d75400)
2016-03-04 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: springframework-3.2.15-1.fc21
2015-11-01 22:22:42
[SECURITY] Fedora 23 Update: springframework-3.2.15-1.fc23
2015-11-01 02:58:09
[SECURITY] Fedora 22 Update: springframework-3.2.15-1.fc22
2015-11-01 21:55:23
openvas
openvas
Fedora Update for springframework FEDORA-2015-693035254
2015-11-02 00:00:00
Fedora Update for springframework FEDORA-2015-9295
2015-11-02 00:00:00
Mageia: Security Advisory (MGASA-2015-0426)
2015-11-08 00:00:00
github
github
Files or Directories Accessible to External Parties in org.springframework:spring-core
2018-10-17 20:29:33
Spring Security and Spring Framework may not recognize certain paths that should be protected
2018-10-17 20:30:12
Improper Input Validation in Spring Framework
2021-04-30 17:29:51
cve
cve
CVE-2015-5211
2017-05-25 17:29:00
CVE-2016-5007
2017-05-25 17:29:00
CVE-2020-5421
2020-09-19 04:15:11
cvelist
cvelist
CVE-2016-5007
2017-05-25 17:00:00
CVE-2015-5211
2017-05-25 17:00:00
CVE-2020-5421 RFD Protection Bypass via jsessionid
2020-09-17 00:00:00
debiancve
debiancve
CVE-2016-5007
2017-05-25 17:29:00
CVE-2015-5211
2017-05-25 17:29:00
CVE-2020-5421
2020-09-19 04:15:11
ubuntucve
ubuntucve
CVE-2016-5007
2017-05-25 00:00:00
CVE-2015-5211
2017-05-25 00:00:00
CVE-2020-5421
2020-09-19 00:00:00
redhatcve
redhatcve
CVE-2016-5007
2016-07-11 04:48:28
CVE-2020-5421
2020-09-21 16:59:07
prion
prion
Authorization
2017-05-25 17:29:00
Input validation
2017-05-25 17:29:00
Design/Logic Flaw
2020-09-19 04:15:00
nvd
nvd
CVE-2016-5007
2017-05-25 17:29:00
CVE-2015-5211
2017-05-25 17:29:00
CVE-2020-5421
2020-09-19 04:15:11
mageia
mageia
Updated springframework packages fix security vulnerability
2015-11-04 21:03:05
ibm
ibm
Security Bulletin: IBM QRadar SIEM contains vulnerable components and libraries. (CVE-2016-5007, CVE-2016-9878)
2018-06-16 22:06:30
Security Bulletin: Multiple vulnerabilities in Spring Framework affect IBM InfoSphere Information Server
2019-07-11 19:25:02
Security Bulletin: [All] Spring Framework (Publicly disclosed vulnerability)
2023-06-06 05:06:05
githubexploit
githubexploit
Exploit for Vulnerability in Pivotal Software Spring Framework
2021-01-10 12:26:00
veracode
veracode
Reflected File Download (RFD) Attack
2020-09-18 08:14:19
debian
debian
[SECURITY] [DLA 1853-1] libspring-java security update
2019-07-13 21:20:48
ubuntu
ubuntu
Spring Framework vulnerabilities
2021-03-17 00:00:00
atlassian
atlassian
Insecure version of Spring Web MVC used in Confluence Analytics
2020-02-19 22:31:10
oracle
oracle
Oracle Critical Patch Update - April 2018
2018-04-17 00:00:00
Oracle Critical Patch Update Advisory - July 2019
2019-07-16 00:00:00

0.003 Low

EPSS

Percentile

68.5%

JSON
Related for 834FA9D0C13CD4B657C6CF70F3E291876051CA04AA49DCEAB25A164D09C5D286
osv7nessus5fedora3openvas5github3cve3cvelist3debiancve3ubuntucve3redhatcve2prion3nvd3mageia1ibm7githubexploit1veracode1debian1ubuntu1atlassian1oracle2