CVE-2018-1258 in Oracle Communications Network Integrity

Summary

Spring Framework version 5.0.5, when used in combination with any version of Spring Security, contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.

Reservation

12/06/2017

Entries

VulDB provides additional information and datapoints for this CVE:

| ID | Vulnerability | CWE | Exploit | Countermeasure | CVE |
|---|---|---|---|---|---|
| 158121 | Oracle Communications Network Integrity Core authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 153646 | Oracle Retail Xstore Point of Service Xenvironment authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 148948 | Oracle Retail Markdown Optimization Common Component Integration authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 148947 | Oracle Retail Clearance Optimization Engine Dataset authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 138116 | Oracle Retail Service Backbone Spring authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 138115 | Oracle Retail Predictive Application Server Spring authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 138114 | Oracle Retail Predictive Application Server Spring authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 133759 | Oracle Utilities Network Management System Web Gateway Client authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 133599 | Oracle WebLogic Server WLS Core Components authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 133572 | Oracle FLEXCUBE Private Banking Spring authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 133562 | Oracle Enterprise Manager Ops Center Networking authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 133561 | Oracle Enterprise Manager Base Platform Enterprise Manager Install authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 133499 | Oracle Communications Unified Inventory Management Spring authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 129676 | Oracle Retail Customer Insights Spring authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 129610 | Oracle Insurance Rules Palette Spring authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 129609 | Oracle Insurance Calculation Engine Spring authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 129598 | Oracle Healthcare Master Person Index Spring authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 129597 | Oracle Health Sciences Information Manager Health Policy authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 129510 | Oracle Application Testing Suite OpenSSL authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 129468 | Oracle Communications Services Gatekeeper Spring authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 129467 | Oracle Communications Performance Intelligence Center Software Spring authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 129466 | Oracle Communications Diameter Signaling Router Spring authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 125646 | Oracle Agile PLM Application Server improper authorization | 285 | Not defined | Official fix | CVE-2018-1258 |
| 125609 | Oracle Retail Integration Bus RIB Kernal authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 125608 | Oracle Retail Financial Integration PeopleSoft Integration Bugs authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 125607 | Oracle Retail Assortment Planning Application Core authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 125606 | Oracle MICROS Lucas Spring authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 125534 | Oracle MySQL Enterprise Monitor Monitoring authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 125489 | Oracle Hospitality Guest Access Spring authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 125436 | Oracle WebLogic Server Spring authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 125435 | Oracle Endeca Information Discovery Integrator Spring authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 125415 | Oracle Enterprise Manager for MySQL Database EM Plugin authorization | 863 | Not defined | Official fix | CVE-2018-1258 |
| 117636 | Spring Framework improper authorization | 285 | Not defined | Official fix | CVE-2018-1258 |
