Jun 9, 2021

3 Alerts on Pivotal Software, Vmware

There are 3 updates (CPE changes) on Pivotal Software, Vmware today.


 [*] Searching cve-[['2021-22112', '2014-3527', '2017-4995', '2021-22112']] vulnerability definitions within Kenna.VI+....


[ CVE Description ]
 [*] CVE_ID : CVE-2021-22112
 [_] Desc   : Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request. A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.

 [_] C:2021-01-04 / P:2021-02-23 / L:2021-06-08
 [*] Vuln Risk           : 31.4038
 [*] Exploited [trend]   : 0 [holding]
 [_] Exploit/likelihood  : False/0.0030% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [1]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 9.0 / 8.8 ]

 [_] Vuln Products  : [2]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2014-3527
 [_] Desc   : When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the HttpServletRequest which is populated based upon untrusted information within the HTTP request. This means if there are access control restrictions on which CAS services can authenticate to one another, those restrictions can be bypassed. If users are not using CAS Proxy tickets and not basing access control decisions based upon the CAS Service, then there is no impact to users.

 [_] C:2015-05-21 / P:2017-05-25 / L:2021-06-08
 [*] Vuln Risk           : 32.8126
 [*] Exploited [trend]   : 0 [holding]
 [_] Exploit/likelihood  : False/1.0277% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [1]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 7.5 / 9.8 ]

 [_] Vuln Products  : [10]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2017-4995
 [_] Desc   : An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets." Spring Security configures Jackson with global default typing enabled, which means that (through the previous exploit) arbitrary code could be executed if all of the following is true: (1) Spring Security's Jackson support is being leveraged by invoking SecurityJackson2Modules.getModules(ClassLoader) or SecurityJackson2Modules.enableDefaultTyping(ObjectMapper); (2) Jackson is used to deserialize data that is not trusted (Spring Security does not perform deserialization using Jackson, so this is an explicit choice of the user); and (3) there is an unknown (Jackson is not blacklisting it already) "deserialization gadget" that allows code execution present on the classpath. Jackson provides a blacklisting approach to protecting against this type of attack, but Spring Security should be proactive against blocking unknown "deserialization gadgets" when Spring Security enables default typing.

 [_] C:2017-11-28 / P:2017-11-27 / L:2021-06-08
 [*] Vuln Risk           : 29.3175
 [*] Exploited [trend]   : 0 [holding]  [RCE]
 [_] Exploit/likelihood  : False/5.8683% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [0]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 6.8 / 8.1 ]

 [_] Vuln Products  : [4]

[ CVE Malware Family Info : None ]

[ High_Profile_Vulnerability ]
 [!!!]   CVE-2021-22112 (31.4038) : []
 [!!!]    CVE-2014-3527 (32.8126) : []
 [!!!]    CVE-2017-4995 (29.3175) : []


 ** [5] threads completed [6 tasks] / [9.54 KB] within [3.85 sec].