CVE-2010-3700

CWE-264CWE-2884 documents4 sources
Severity
5.0MEDIUM
EPSS
0.2%
top 51.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Acegisecurity Acegi-securityIBM Websphere Application ServerVmware Springsource Spring Security
Timeline
PublishedOct 29
Latest updateMay 14

Description

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

Mavenorg.acegisecurity:acegi-security1.0.01.0.7

🔴Vulnerability Details

3
OSV
Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security2022-05-14
GHSA
Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security2022-05-14
CVEList
CVE-2010-3700: VMware SpringSource Spring Security 22010-10-29
CVE-2010-3700 (MEDIUM CVSS 5) | VMware SpringSource Spring Security | cvebase.io