Spring Security and Spring Framework CVE-2018-1258 Authorization Bypass Vulnerability

Bugtraq ID: 104222
Class: Design Error
CVE: CVE-2018-1258
Remote: Yes
Local: No
Published: May 09 2018 12:00AM
Updated: Apr 18 2019 11:00AM
Credit: Spring Security Team.
Vulnerable: Pivotal Spring Security 0
Pivotal Spring Framework 5.0.5.RELEASE
Oracle Weblogic Server 10.3.6 0
Oracle Weblogic Server 12.2.1.3.0
Oracle Weblogic Server 12.2.1.3
Oracle Weblogic Server 12.1.3.0
Oracle Utilities Network Management System 1.12.0.3
Oracle Retail Integration Bus 14.1.2
Oracle Retail Financial Integration 16.0
Oracle Retail Financial Integration 15.0
Oracle Retail Financial Integration 14.1
Oracle Retail Financial Integration 14.0
Oracle Retail Financial Integration 13.2
Oracle Retail Customer Insights 16.0
Oracle Retail Customer Insights 15.0
Oracle Retail Assortment Planning 16.0
Oracle Retail Assortment Planning 15.0
Oracle Retail Assortment Planning 14.1
Oracle Primavera Gateway 17.12
Oracle Primavera Gateway 16.2
Oracle Primavera Gateway 15.2
Oracle MySQL Enterprise Monitor 8.0.2.8191
Oracle MySQL Enterprise Monitor 4.0.6.5281
Oracle MySQL Enterprise Monitor 3.4.9.4237
Oracle MICROS Lucas 2.9.5
Oracle Insurance Rules Palette 10.2
Oracle Insurance Rules Palette 10.0
Oracle Insurance Calculation Engine 10.2
Oracle Hospitality Guest Access 4.2.1
Oracle Hospitality Guest Access 4.2
Oracle Healthcare Master Person Index 4.0
Oracle Healthcare Master Person Index 3.0
Oracle Health Sciences Information Manager 3.0
Oracle FLEXCUBE Private Banking 2.2 1
Oracle FLEXCUBE Private Banking 2.0.0.0
Oracle FLEXCUBE Private Banking 12.1.0.0
Oracle FLEXCUBE Private Banking 12.0.3.0
Oracle FLEXCUBE Private Banking 12.0.1.0
Oracle Enterprise Manager Ops Center 12.3.3
Oracle Enterprise Manager Base Platform 13.3.0.0.0
Oracle Enterprise Manager Base Platform 13.2.0.0.0
Oracle Enterprise Manager Base Platform 12.1.0.5.0
Oracle Enterprise Manager 13.2.0.0
Oracle Endeca Information Discovery Integrator 3.2
Oracle Endeca Information Discovery Integrator 3.1
Oracle Communications Unified Inventory Management 7.4
Oracle Communications Unified Inventory Management 7.3.5
Oracle Communications Unified Inventory Management 7.3.4
Oracle Communications Unified Inventory Management 7.3.2
Oracle Communications Services Gatekeeper 6.0
Oracle Communications Services Gatekeeper 5.1
Oracle Communications Performance Intelligence Center (PIC) Software 10.2
Oracle Communications Performance Intelligence Center (PIC) Software 10.1.5.1
Oracle Communications Performance Intelligence Center 10.1.5
Oracle Communications Performance Intelligence Center 10.1
Oracle Communications Performance Intelligence Center 9.0.3
Oracle Communications Performance Intelligence Center 9.0
Oracle Communications Diameter Signaling Router 7.1
Oracle Communications Diameter Signaling Router 6.0.2
Oracle Communications Diameter Signaling Router 6.0
Oracle Communications Diameter Signaling Router 5.1
Oracle Communications Diameter Signaling Router 4.1.6
Oracle Communications Diameter Signaling Router 4.1
Oracle Communications Diameter Signaling Router 8.0
Oracle Communications Diameter Signaling Router 7.0
Oracle Communications Diameter Signaling Router 5.0
Oracle Communications Diameter Signaling Router 4.0
Oracle Communications Diameter Signaling Router 3.0
Oracle Application Testing Suite 13.3.0.1
Oracle Application Testing Suite 13.2.0.1
Oracle Application Testing Suite 13.1.0.1
Oracle Application Testing Suite 12.5.0.3
Oracle Agile PLM 9.3.5
Oracle Agile PLM 9.3.3
Oracle Agile PLM 9.3.6
Oracle Agile PLM 9.3.4
Not Vulnerable: Pivotal Spring Framework 5.0.6.RELEASE
Oracle Communications Services Gatekeeper 6.1.0.4.0
Oracle Communications Performance Intelligence Center (PIC) Software 10.2.1
Oracle Communications Diameter Signaling Router 8.3


 
