vulnerability

Oracle WebLogic: CVE-2018-1258 : Critical Patch Update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	May 11, 2018	Oct 18, 2018	Jan 9, 2020

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

May 11, 2018

Added

Oct 18, 2018

Modified

Jan 9, 2020

Description

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.

Solutions

oracle-weblogic-oct-2018-cpu-10_3_6_0_0oracle-weblogic-oct-2018-cpu-12_1_3_0_0oracle-weblogic-oct-2018-cpu-12_2_1_3_0

References

BID-104222
CVE-2018-1258
https://attackerkb.com/topics/CVE-2018-1258
REDHAT-RHSA-2019:2413
URL-http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
URL-https://support.oracle.com/rs?type=doc&id=2433477.1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today