CVE-2018-1258

CVSS v3.1: 8.8 (High)
CVSS v2.0: 6.5 (Medium)
EPSS: 0.41% (74th percentile)
Affected Products: 42
Advisories: 1

Spring Framework version 5.0.5, when used in combination with any version of Spring Security, contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.

Weaknesses: CWE-863 (Incorrect Authorization)
CVE Status: PUBLISHED
CNA: Dell
Published Date: 2018-05-11 20:29:00
Updated Date: 2022-04-11 17:18:30

Affected Products


Configuration #1

Product | Version | CPE 2.3 | From | Up To
Pivotal Software Spring Security | any version | cpe:2.3:a:pivotal_software:spring_security | |
Vmware Spring Framework | 5.0.5 | cpe:2.3:a:vmware:spring_framework:5.0.5 | |

Configuration #2

Product | Version | CPE 2.3 | From | Up To
Oracle Agile Plm | 9.3.3 | cpe:2.3:a:oracle:agile_plm:9.3.3 | |
Oracle Agile Plm | 9.3.4 | cpe:2.3:a:oracle:agile_plm:9.3.4 | |
Oracle Agile Plm | 9.3.5 | cpe:2.3:a:oracle:agile_plm:9.3.5 | |
Oracle Agile Plm | 9.3.6 | cpe:2.3:a:oracle:agile_plm:9.3.6 | |
Oracle Application Testing Suite | 10.1 | cpe:2.3:a:oracle:application_testing_suite:10.1 | |
Oracle Application Testing Suite | 12.5.0.3 | cpe:2.3:a:oracle:application_testing_suite:12.5.0.3 | |
Oracle Application Testing Suite | 13.1.0.1 | cpe:2.3:a:oracle:application_testing_suite:13.1.0.1 | |
Oracle Application Testing Suite | 13.2.0.1 | cpe:2.3:a:oracle:application_testing_suite:13.2.0.1 | |
Oracle Application Testing Suite | 13.3.0.1 | cpe:2.3:a:oracle:application_testing_suite:13.3.0.1 | |
Oracle Big Data Discovery | 1.6.0 | cpe:2.3:a:oracle:big_data_discovery:1.6.0 | |
Oracle Communications Converged Application Server | versions prior to 7.0.0.1 | cpe:2.3:a:oracle:communications_converged_application_server | | < 7.0.0.1
Oracle Communications Diameter Signaling Router | versions prior to 8.3 | cpe:2.3:a:oracle:communications_diameter_signaling_router | | < 8.3
Oracle Communications Network Integrity | versions 7.3.2 through 7.3.6 | cpe:2.3:a:oracle:communications_network_integrity | >= 7.3.2 | <= 7.3.6
Oracle Communications Performance Intelligence Center | versions prior to 10.2.1 | cpe:2.3:a:oracle:communications_performance_intelligence_center | | < 10.2.1
Oracle Communications Services Gatekeeper | versions prior to 6.1.0.4.0 | cpe:2.3:a:oracle:communications_services_gatekeeper | | < 6.1.0.4.0
Oracle Endeca Information Discovery Integrator | 3.1.0 | cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0 | |
Oracle Endeca Information Discovery Integrator | 3.2.0 | cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0 | |
Oracle Enterprise Manager for Mysql Database | 13.2 | cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:13.2 | |
Oracle Enterprise Manager Ops Center | 12.2.2 | cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2 | |
Oracle Enterprise Manager Ops Center | 12.3.3 | cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3 | |
Oracle Enterprise Repository | 11.1.1.7.0 | cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0 | |
Oracle Enterprise Repository | 12.1.3.0.0 | cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0 | |
Oracle Goldengate for Big Data | 12.2.0.1 | cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1 | |
Oracle Goldengate for Big Data | 12.3.1.1 | cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1 | |
Oracle Goldengate for Big Data | 12.3.2.1 | cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1 | |
Oracle Health Sciences Information Manager | 3.0 | cpe:2.3:a:oracle:health_sciences_information_manager:3.0 | |
Oracle Healthcare Master Person Index | 3.0 | cpe:2.3:a:oracle:healthcare_master_person_index:3.0 | |
Oracle Healthcare Master Person Index | 4.0 | cpe:2.3:a:oracle:healthcare_master_person_index:4.0 | |
Oracle Hospitality Guest Access | 4.2.0 | cpe:2.3:a:oracle:hospitality_guest_access:4.2.0 | |
Oracle Hospitality Guest Access | 4.2.1 | cpe:2.3:a:oracle:hospitality_guest_access:4.2.1 | |
Oracle Insurance Calculation Engine | 10.1.1 | cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1 | |
Oracle Insurance Calculation Engine | 10.2 | cpe:2.3:a:oracle:insurance_calculation_engine:10.2 | |
Oracle Insurance Calculation Engine | 10.2.1 | cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1 | |
Oracle Insurance Policy Administration | 10.0 | cpe:2.3:a:oracle:insurance_policy_administration:10.0 | |
Oracle Insurance Policy Administration | 10.1 | cpe:2.3:a:oracle:insurance_policy_administration:10.1 | |
Oracle Insurance Policy Administration | 10.2 | cpe:2.3:a:oracle:insurance_policy_administration:10.2 | |
Oracle Insurance Policy Administration | 11.0 | cpe:2.3:a:oracle:insurance_policy_administration:11.0 | |
Oracle Insurance Rules Palette | 10.0 | cpe:2.3:a:oracle:insurance_rules_palette:10.0 | |
Oracle Insurance Rules Palette | 10.1 | cpe:2.3:a:oracle:insurance_rules_palette:10.1 | |
Oracle Insurance Rules Palette | 10.2 | cpe:2.3:a:oracle:insurance_rules_palette:10.2 | |
Oracle Insurance Rules Palette | 11.0 | cpe:2.3:a:oracle:insurance_rules_palette:11.0 | |
Oracle Insurance Rules Palette | 11.1 | cpe:2.3:a:oracle:insurance_rules_palette:11.1 | |
Oracle Micros Lucas | 2.9.5 | cpe:2.3:a:oracle:micros_lucas:2.9.5 | |
Oracle Mysql Enterprise Monitor | 8.0.2.8191 and prior versions | cpe:2.3:a:oracle:mysql_enterprise_monitor | | <= 8.0.2.8191
Oracle Peoplesoft Enterprise Fin Install | 9.2 | cpe:2.3:a:oracle:peoplesoft_enterprise_fin_install:9.2 | |
Oracle Retail Assortment Planning | 14.1 | cpe:2.3:a:oracle:retail_assortment_planning:14.1 | |
Oracle Retail Assortment Planning | 15.0 | cpe:2.3:a:oracle:retail_assortment_planning:15.0 | |
Oracle Retail Assortment Planning | 16.0 | cpe:2.3:a:oracle:retail_assortment_planning:16.0 | |
Oracle Retail Back Office | 14.0 | cpe:2.3:a:oracle:retail_back_office:14.0 | |
Oracle Retail Back Office | 14.1 | cpe:2.3:a:oracle:retail_back_office:14.1 | |
Oracle Retail Central Office | 14.0 | cpe:2.3:a:oracle:retail_central_office:14.0 | |
Oracle Retail Central Office | 14.1 | cpe:2.3:a:oracle:retail_central_office:14.1 | |
Oracle Retail Customer Insights | 15.0 | cpe:2.3:a:oracle:retail_customer_insights:15.0 | |
Oracle Retail Customer Insights | 16.0 | cpe:2.3:a:oracle:retail_customer_insights:16.0 | |
Oracle Retail Financial Integration | 13.2 | cpe:2.3:a:oracle:retail_financial_integration:13.2 | |
Oracle Retail Financial Integration | 14.0 | cpe:2.3:a:oracle:retail_financial_integration:14.0 | |
Oracle Retail Financial Integration | 14.1 | cpe:2.3:a:oracle:retail_financial_integration:14.1 | |
Oracle Retail Financial Integration | 15.0 | cpe:2.3:a:oracle:retail_financial_integration:15.0 | |
Oracle Retail Financial Integration | 16.0 | cpe:2.3:a:oracle:retail_financial_integration:16.0 | |
Oracle Retail Integration Bus | 14.1.2 | cpe:2.3:a:oracle:retail_integration_bus:14.1.2 | |
Oracle Retail Point-of-service | 14.0 | cpe:2.3:a:oracle:retail_point-of-service:14.0 | |
Oracle Retail Point-of-service | 14.1 | cpe:2.3:a:oracle:retail_point-of-service:14.1 | |
Oracle Retail Returns Management | 14.0 | cpe:2.3:a:oracle:retail_returns_management:14.0 | |
Oracle Retail Returns Management | 14.1 | cpe:2.3:a:oracle:retail_returns_management:14.1 | |
Oracle Retail Xstore Point Of Service | 17.0 | cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0 | |
Oracle Service Architecture Leveraging Tuxedo | 12.1.3.0.0 | cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0 | |
Oracle Service Architecture Leveraging Tuxedo | 12.2.2.0.0 | cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0 | |
Oracle Tape Library Acsls | 8.4 | cpe:2.3:a:oracle:tape_library_acsls:8.4 | |
Oracle Weblogic Server | 10.3.6.0 | cpe:2.3:a:oracle:weblogic_server:10.3.6.0 | |
Oracle Weblogic Server | 12.1.3.0 | cpe:2.3:a:oracle:weblogic_server:12.1.3.0 | |
Oracle Weblogic Server | 12.2.1.2 | cpe:2.3:a:oracle:weblogic_server:12.2.1.2 | |
Oracle Weblogic Server | 12.2.1.3 | cpe:2.3:a:oracle:weblogic_server:12.2.1.3 | |

Configuration #3

Product | Version | CPE 2.3 | From | Up To
Netapp Oncommand Insight | - | cpe:2.3:a:netapp:oncommand_insight:- | |
Netapp Oncommand Unified Manager for Windows | from version 7.3 | cpe:2.3:a:netapp:oncommand_unified_manager::*:*:*:*:windows | >= 7.3 |
Netapp Oncommand Unified Manager for Vsphere | from version 9.4 | cpe:2.3:a:netapp:oncommand_unified_manager::*:*:*:*:vsphere | >= 9.4 |
Netapp Oncommand Workflow Automation | - | cpe:2.3:a:netapp:oncommand_workflow_automation:- | |
Netapp Snapcenter | - | cpe:2.3:a:netapp:snapcenter:- | |
Netapp Storage Automation Store | - | cpe:2.3:a:netapp:storage_automation_store:- | |

Configuration #4

Product | Version | CPE 2.3 | From | Up To
Redhat Fuse | 7.3.0 | cpe:2.3:a:redhat:fuse:7.3.0 | |