VMware Spring Boot
8 CVEs affecting VMware Spring Boot. Latest disclosed: 2026-04-28. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-40976 | Critical | 9.1 | 2026-04-28 | In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable… |
| CVE-2026-40972 | High | 7.5 | 2026-04-28 | An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extreme ci… |
| CVE-2026-40973 | High | 7.0 | 2026-04-28 | A local attacker on the same host as the application may be able to take control of the directory used by `ApplicationTemp`. When `server.servlet.session.persi… |
| CVE-2026-40974 | Medium | 5.0 | 2026-04-28 | Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cassandra. Affected: Spring Boot 4.0… |
| CVE-2026-40971 | Medium | 5.0 | 2026-04-27 | When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. … |
| CVE-2026-40970 | Medium | 5.0 | 2026-04-27 | When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearc… |
| CVE-2026-40975 | Medium | 4.8 | 2026-04-28 | Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affected. ${random.int} and ${random.long} should never be used f… |
| CVE-2026-40977 | Medium | 4.7 | 2026-04-28 | When an application is configured to use `ApplicationPidFileWriter`, a local attacker with write access to the PID file's location can corrupt one file on the… |