CVE-2018-1258
HIGH
Spring Security - Incorrect Authorization Bypass via Method Security
Title source: llm
Description
Spring Framework version 5.0.5, when used in combination with any version of Spring Security, contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
References (16)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/104222
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1041888
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1041896
Patch, Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2413
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2020.html
Patch, Third Party Advisory x_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Patch, Third Party Advisory x_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujul2020.html
Patch, Third Party Advisory x_refsource_confirm
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujan2020.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20181018-0002/
Vendor Advisory x_refsource_confirm
https://pivotal.io/security/cve-2018-1258
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujan2021.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuoct2021.html
Scores
CVSS v3: 8.8
EPSS: 0.0027
EPSS Percentile: 50.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-863
Status: published
Products (50)
netapp/oncommand_insight
netapp/oncommand_unified_manager 7.3
netapp/oncommand_unified_manager 9.4
netapp/oncommand_workflow_automation
netapp/snapcenter
netapp/storage_automation_store
oracle/agile_plm 9.3.3
oracle/agile_plm 9.3.4
oracle/agile_plm 9.3.5
oracle/agile_plm 9.3.6
... and 40 more
Published: May 11, 2018
Tracked Since: Feb 18, 2026