Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:41432
HistoryJul 21, 2023 - 2:37 a.m.

Authorization Rule Misconfiguration

2023-07-2102:37:55
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
19
authorization rule misconfiguration
spring-security-config
requestmatcher
abstractrequestmatcherregistry.java
validation
function
servlets
dispatcherservlet
vulnerability
spring mvc

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS

0.001

Percentile

29.7%

JSON

spring-security-config is vulnerable to Authorization Rule Misconfiguration. The vulnerability exists due to the lack of validation in the RequestMatcher of AbstractRequestMatcherRegistry.java when the application uses the requestMatchers(String) function with multiple servlets, one of them being Spring MVC’s DispatcherServlet.

Related

cvelist 1
osv 2
cve 1
github 1
prion 1
nvd 1
githubexploit 1
ibm 6
spring 1
nessus 1
ics 1
oracle 3
cvelist
cvelist
CVE-2023-34035
2023-07-18 15:29:10
osv
osv
CVE-2023-34035
2023-07-18 16:15:11
Spring Security's authorization rules can be misconfigured when using multiple servlets
2023-07-18 18:30:36
cve
cve
CVE-2023-34035
2023-07-18 16:15:11
github
github
Spring Security's authorization rules can be misconfigured when using multiple servlets
2023-07-18 18:30:36
prion
prion
Authorization
2023-07-18 16:15:00
nvd
nvd
CVE-2023-34035
2023-07-18 16:15:11
githubexploit
githubexploit
Exploit for Incorrect Authorization in Vmware Spring Security
2023-08-01 21:15:01
ibm
ibm
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in VMware Tanzu Spring Security
2023-11-29 01:25:50
Security Bulletin: Vulnerability in Spring Security affects IBM Process Mining . Multiple CVEs
2023-10-11 09:28:31
Security Bulletin: VMware Tanzu Spring Security is vulnerable to CVE-2023-34034 and CVE-2023-34035 used in IBM Maximo Application Suite - Monitor Component
2023-09-26 18:30:31
spring
spring
This Week in Spring - July 25th, 2023
2023-07-25 00:00:00
nessus
nessus
Siemens SINEC NMS < V2.0 SP1 Multiple Vulnerabilities
2024-02-29 00:00:00
ics
ics
Siemens SINEC NMS
2024-02-15 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS

0.001

Percentile

29.7%

JSON
Related for VERACODE:41432
cvelist1osv2cve1github1prion1nvd1githubexploit1ibm6spring1nessus1ics1oracle3