CVE-2018-1258

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.

Published: 2018-05-11 20:29    Updated: 2019-10-03 00:03

CVSS Score: 6.5 / 10
Vendor Product Version URI
Pivotal Software Spring Framework 5.0.5 cpe:/a:pivotal_software:spring_framework:5.0.5
Oracle Application Testing Suite 12.5.0.3 cpe:/a:oracle:application_testing_suite:12.5.0.3
Oracle Application Testing Suite 13.1.0.1 cpe:/a:oracle:application_testing_suite:13.1.0.1
Oracle Application Testing Suite 13.2.0.1 cpe:/a:oracle:application_testing_suite:13.2.0.1
Oracle Application Testing Suite 13.3.0.1 cpe:/a:oracle:application_testing_suite:13.3.0.1
Oracle Communications Diameter Signaling Router 6.0 cpe:/a:oracle:communications_diameter_signaling_router:6.0
Oracle Communications Diameter Signaling Router 8.1 cpe:/a:oracle:communications_diameter_signaling_router:8.1
Oracle Communications Diameter Signaling Router 8.2 cpe:/a:oracle:communications_diameter_signaling_router:8.2
Oracle Health Sciences Information Manager 3.0 cpe:/a:oracle:health_sciences_information_manager:3.0
Oracle Healthcare Master Person Index 3.0 cpe:/a:oracle:healthcare_master_person_index:3.0
Oracle Healthcare Master Person Index 4.0 cpe:/a:oracle:healthcare_master_person_index:4.0
Oracle Insurance Calculation Engine 10.2 cpe:/a:oracle:insurance_calculation_engine:10.2
Oracle Insurance Rules Palette 10.0 cpe:/a:oracle:insurance_rules_palette:10.0
Oracle Insurance Rules Palette 10.2 cpe:/a:oracle:insurance_rules_palette:10.2
Oracle Retail Customer Insights 15.0 cpe:/a:oracle:retail_customer_insights:15.0
Oracle Retail Customer Insights 16.0 cpe:/a:oracle:retail_customer_insights:16.0
Oracle Service Architecture Leveraging Tuxedo 12.1.3.0.0 cpe:/a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0
Oracle Service Architecture Leveraging Tuxedo 12.2.2.0.0 cpe:/a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0
Oracle Tape Library Acsls 8.4 cpe:/a:oracle:tape_library_acsls:8.4
Pivotal Software Spring Security cpe:/a:pivotal_software:spring_security
Netapp Oncommand Insight - cpe:/a:netapp:oncommand_insight:-
Netapp Oncommand Workflow Automation - cpe:/a:netapp:oncommand_workflow_automation:-
Netapp Snapcenter - cpe:/a:netapp:snapcenter:-
Netapp Storage Automation Store - cpe:/a:netapp:storage_automation_store:-
Oracle Agile Plm 9.3.3 cpe:/a:oracle:agile_plm:9.3.3
Oracle Agile Plm 9.3.4 cpe:/a:oracle:agile_plm:9.3.4
Oracle Agile Plm 9.3.5 cpe:/a:oracle:agile_plm:9.3.5
Oracle Agile Plm 9.3.6 cpe:/a:oracle:agile_plm:9.3.6
Oracle Application Testing Suite 10.1 cpe:/a:oracle:application_testing_suite:10.1
Oracle Big Data Discovery 1.6.0 cpe:/a:oracle:big_data_discovery:1.6.0
Oracle Endeca Information Discovery Integrator 3.1.0 cpe:/a:oracle:endeca_information_discovery_integrator:3.1.0
Oracle Endeca Information Discovery Integrator 3.2.0 cpe:/a:oracle:endeca_information_discovery_integrator:3.2.0
Oracle Enterprise Manager For Mysql Database 13.2 cpe:/a:oracle:enterprise_manager_for_mysql_database:13.2
Oracle Enterprise Manager Ops Center 12.2.2 cpe:/a:oracle:enterprise_manager_ops_center:12.2.2
Oracle Enterprise Manager Ops Center 12.3.3 cpe:/a:oracle:enterprise_manager_ops_center:12.3.3
Oracle Enterprise Repository 11.1.1.7.0 cpe:/a:oracle:enterprise_repository:11.1.1.7.0
Oracle Enterprise Repository 12.1.3.0.0 cpe:/a:oracle:enterprise_repository:12.1.3.0.0
Oracle Goldengate For Big Data 12.2.0.1 cpe:/a:oracle:goldengate_for_big_data:12.2.0.1
Oracle Goldengate For Big Data 12.3.1.1 cpe:/a:oracle:goldengate_for_big_data:12.3.1.1
Oracle Goldengate For Big Data 12.3.2.1 cpe:/a:oracle:goldengate_for_big_data:12.3.2.1
Oracle Hospitality Guest Access 4.2.0 cpe:/a:oracle:hospitality_guest_access:4.2.0
Oracle Hospitality Guest Access 4.2.1 cpe:/a:oracle:hospitality_guest_access:4.2.1
Oracle Insurance Calculation Engine 10.1.1 cpe:/a:oracle:insurance_calculation_engine:10.1.1
Oracle Insurance Calculation Engine 10.2.1 cpe:/a:oracle:insurance_calculation_engine:10.2.1
Oracle Insurance Policy Administration 10.0 cpe:/a:oracle:insurance_policy_administration:10.0
Oracle Insurance Policy Administration 10.1 cpe:/a:oracle:insurance_policy_administration:10.1
Oracle Insurance Policy Administration 10.2 cpe:/a:oracle:insurance_policy_administration:10.2
Oracle Insurance Policy Administration 11.0 cpe:/a:oracle:insurance_policy_administration:11.0
Oracle Insurance Rules Palette 10.1 cpe:/a:oracle:insurance_rules_palette:10.1
Oracle Insurance Rules Palette 11.0 cpe:/a:oracle:insurance_rules_palette:11.0
Oracle Insurance Rules Palette 11.1 cpe:/a:oracle:insurance_rules_palette:11.1
Oracle Micros Lucas 2.9.5 cpe:/a:oracle:micros_lucas:2.9.5
Oracle Mysql Enterprise Monitor 8.0.2.8191 cpe:/a:oracle:mysql_enterprise_monitor:8.0.2.8191
Oracle Peoplesoft Enterprise Fin Install 9.2 cpe:/a:oracle:peoplesoft_enterprise_fin_install:9.2
Oracle Retail Assortment Planning 14.1 cpe:/a:oracle:retail_assortment_planning:14.1
Oracle Retail Assortment Planning 15.0 cpe:/a:oracle:retail_assortment_planning:15.0
Oracle Retail Assortment Planning 16.0 cpe:/a:oracle:retail_assortment_planning:16.0
Oracle Retail Back Office 14.0 cpe:/a:oracle:retail_back_office:14.0
Oracle Retail Back Office 14.1 cpe:/a:oracle:retail_back_office:14.1
Oracle Retail Central Office 14.0 cpe:/a:oracle:retail_central_office:14.0
Oracle Retail Central Office 14.1 cpe:/a:oracle:retail_central_office:14.1
Oracle Retail Financial Integration 13.2 cpe:/a:oracle:retail_financial_integration:13.2
Oracle Retail Financial Integration 14.0 cpe:/a:oracle:retail_financial_integration:14.0
Oracle Retail Financial Integration 14.1 cpe:/a:oracle:retail_financial_integration:14.1
Oracle Retail Financial Integration 15.0 cpe:/a:oracle:retail_financial_integration:15.0
Oracle Retail Financial Integration 16.0 cpe:/a:oracle:retail_financial_integration:16.0
Oracle Retail Integration Bus 14.1.2 cpe:/a:oracle:retail_integration_bus:14.1.2
Oracle Retail Point-of-service 14.0 cpe:/a:oracle:retail_point-of-service:14.0
Oracle Retail Point-of-service 14.1 cpe:/a:oracle:retail_point-of-service:14.1
Oracle Retail Returns Management 14.0 cpe:/a:oracle:retail_returns_management:14.0
Oracle Retail Returns Management 14.1 cpe:/a:oracle:retail_returns_management:14.1
Oracle Weblogic Server 10.3.6.0 cpe:/a:oracle:weblogic_server:10.3.6.0
Oracle Weblogic Server 12.1.3.0 cpe:/a:oracle:weblogic_server:12.1.3.0
Oracle Weblogic Server 12.2.1.2 cpe:/a:oracle:weblogic_server:12.2.1.2
Oracle Weblogic Server 12.2.1.3 cpe:/a:oracle:weblogic_server:12.2.1.3

CWE

ID Name Description
CWE-863 Incorrect Authorization The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

History of changes

Date Event
2019-10-03 00:03
2019-07-23 23:15
2019-04-30 14:58
2019-04-23 19:31
2019-01-16 19:29
2018-10-19 10:29
2018-10-17 10:29
2018-10-17 01:31
2018-08-13 21:47
2018-07-19 01:29
2018-07-16 14:56
2018-06-14 18:07
2018-05-23 01:29
2018-05-11 20:29
