Vmware Spring_security
7 CVEs affecting Vmware Spring_security. Latest disclosed: 2026-04-21. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2014-3527 | Critical | 9.8 | 2017-05-25 | When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a… |
CVE-2017-4995 | High | 8.1 | 2017-11-27 | An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing… |
CVE-2016-5007 | High | 7.5 | 2017-05-25 | Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping req… |
CVE-2016-9879 | High | 7.5 | 2017-01-06 | An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parame… |
CVE-2014-0097 | High | 7.3 | 2017-05-25 | The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous… |
CVE-2026-22751 | Medium | 4.8 | 2026-04-21 | Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-c… |
CVE-2011-2894 | | 2011-10-04 | Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrust… |