CPE-3254BF73-52DC-47F6-A54A-7B1AF24DA25F Detail

CPE Details

VMware Spring Boot 2.0.0 Milestone 7

Vendor

vmware

Product

spring_boot

Version

2.0.0

Created

2022-04-07
12h55 +00:00

Modified

2022-04-07
13h02 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:vmware:spring_boot:2.0.0:milestone7::::::

Informations

Vendor

vmware

Product

spring_boot

Version

2.0.0

Update

milestone7

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2023-20883	2023-05-25 22h00 +00:00	In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.	7.5	High
CVE-2023-20873	2023-04-19 22h00 +00:00	In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.	9.8	Critical
CVE-2022-27772	2022-03-30 15h45 +00:00	spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer	7.8	High
CVE-2018-1196	2018-03-19 18h00 +00:00	Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible.	5.9	Medium

VMware Spring Boot 2.0.0 Milestone 7

CPE Details

CPE Name: cpe:2.3:a:vmware:spring_boot:2.0.0:milestone7:*:*:*:*:*:*

Informations

Vendor

Product

Version

Update

Related CVE

CPE Name: cpe:2.3:a:vmware:spring_boot:2.0.0:milestone7::::::