Severity: 8.8 HIGH
EPSS: 0.3% (top 47.45%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 11 (2018-05-11 per CVEList); Latest update Jul 15 (2020-07-15, the latest-dated Oracle advisory below)

Description

Spring Framework version 5.0.5, when used in combination with any version of Spring Security, contains an authorization bypass in method security. A malicious user with only low privileges (PR:L in the vector below) can invoke methods that Spring Security method security should have restricted. The defect is in Spring Framework itself, so upgrading Spring Security alone does not address it; the fix is in spring-core 5.0.6.RELEASE.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (39 packages; two listed here)

Ecosystem | Package | Affected | Fixed
Maven | org.springframework:spring-core | 5.0.5.RELEASE | 5.0.6.RELEASE
CVEListV5 | pivotal/spring_framework | 5.0.5 | (not listed)
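Because the affected range is a single spring-core release, a build is vulnerable exactly when it resolves org.springframework:spring-core to 5.0.5.RELEASE, whatever Spring Security version sits next to it. The checker below is an added example, not code from this page or from the Spring project: it scans a Maven POM for that coordinate, expands `${property}` references from `<properties>`, and reports a version it cannot resolve (for instance one inherited from a parent POM) rather than silently passing it. The sample POM is constructed for the example, and the version range is the Affected/Fixed pair listed above.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Affected and fixed versions as listed in the Affected Packages entry on this page.
ADVISORY = {
    "package": "org.springframework:spring-core",
    "introduced": "5.0.5.RELEASE",
    "fixed": "5.0.6.RELEASE",
}


def version_key(v):
    """Map a Maven version such as '5.0.5.RELEASE' to a tuple of ints for comparison.
    Only the leading numeric components are used; the qualifier (RELEASE, etc.) is
    ignored, which is adequate for the x.y.z.RELEASE scheme Spring 5.0 used."""
    m = re.match(r"(\d+(?:\.\d+)*)", v)
    if not m:
        raise ValueError(f"unparseable version: {v}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_vulnerable(version, advisory=ADVISORY):
    """True when introduced <= version < fixed."""
    v = version_key(version)
    return version_key(advisory["introduced"]) <= v < version_key(advisory["fixed"])


def resolve(value, props):
    """Expand ${name} references using the POM's <properties>; unknown names stay as-is."""
    if value is None:
        return None
    return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), value)


def scan_pom(pom_xml, advisory=ADVISORY):
    """Return (coordinate, version, status) for every occurrence of the advisory's
    package, where status is 'vulnerable', 'ok' or 'unresolved'."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}")[-1]: p.text for p in root.findall("m:properties/*", NS)}
    findings = []
    for dep in root.iter("{%s}dependency" % NS["m"]):
        coord = "%s:%s" % (
            dep.findtext("m:groupId", namespaces=NS),
            dep.findtext("m:artifactId", namespaces=NS),
        )
        if coord != advisory["package"]:
            continue
        ver = resolve(dep.findtext("m:version", namespaces=NS), props)
        if ver is None or "${" in ver:
            # Version managed elsewhere (parent POM, BOM); needs `mvn dependency:tree` to settle.
            findings.append((coord, ver, "unresolved"))
        elif is_vulnerable(ver, advisory):
            findings.append((coord, ver, "vulnerable"))
        else:
            findings.append((coord, ver, "ok"))
    return findings


# Constructed sample POM for the example: spring-core pinned via a property to the
# affected release, alongside a Spring Security artifact that is not the subject here.
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId>
  <artifactId>demo</artifactId>
  <version>1.0</version>
  <properties>
    <spring.version>5.0.5.RELEASE</spring.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-core</artifactId>
      <version>${spring.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-core</artifactId>
      <version>5.0.4.RELEASE</version>
    </dependency>
  </dependencies>
</project>
"""

if __name__ == "__main__":
    for coord, ver, status in scan_pom(SAMPLE_POM):
        print(f"{status:10s} {coord} {ver}")
```

Only spring-core is matched because the advisory text ties the bug to the Spring Framework release, not to Spring Security; the spring-security-core entry in the sample is deliberately left alone. A POM that inherits the version from a parent or BOM comes back as `unresolved`, which is the cue to run `mvn dependency:tree` and check the effective version instead of trusting the file.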

Patches

🔴 Vulnerability Details (3)

GHSA: Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass (2018-10-17)
OSV: Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass (2018-10-17)
CVEList: CVE-2018-1258: Spring Framework version 5 (2018-05-11)

📋 Vendor Advisories (4)

Oracle: Oracle Communications Applications Risk Matrix: Core (Spring Framework) — CVE-2018-1258 (2020-07-15)
Oracle: Oracle Retail Applications Risk Matrix: Xenvironment (jackson-databind) — CVE-2018-1258 (2020-04-15)
Oracle: Oracle Retail Applications Risk Matrix: Dataset Component (Spring Framework) — CVE-2018-1258 (2020-01-15)
Red Hat: spring-security-core: Unauthorized Access with Spring Security Method Security (2018-05-09)

💬 Community (2)

Bugzilla: CVE-2018-1258 springframework-security: spring-security-core: Unauthorized Access with Spring Security Method Security [fedora-all] (2018-05-16)
Bugzilla: CVE-2018-1258 spring-security-core: Unauthorized Access with Spring Security Method Security (2018-05-15)