CVE-2019-3795— Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-3795
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security
Source: NVD (National Vulnerability Database)
Vulnerability Description
Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用不充分的随机数
Source: NVD (National Vulnerability Database)
Vulnerability Title
VMware Spring Security 安全特征问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
VMware Spring Security是美国威睿(VMware )公司的一套为基于Spring的应用程序提供说明性安全保护的安全框架。 VMware Spring Security 4.2.12之前的4.2.x版本、5.0.12之前的的5.0.x版本和5.1之前的5.1.x版本中存在安全漏洞。攻击者可利用该漏洞泄露信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Spring | Spring Security | 5.0 ~ 5.0.11.RELEASE | - |
II. Public POCs for CVE-2019-3795
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-3795
Please Login to view more intelligence information
- https://pivotal.io/security/cve-2019-3795x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2019-3795
IV. Related Vulnerabilities
Same product: Spring Security
- CVE-2026-22754
ervlet Path Not Correctly Included in Path Matching of XML A - CVE-2026-22753
Servlet Path Not Correctly Included in Path Matching of Http - CVE-2026-22748
Potential Security Misconfiguration when Using withIssuerLoc - CVE-2026-22747
Unauthorized User Impersonation when Using X.509 Client Cert - CVE-2026-22746
User Attribute Enumeration when Using DaoAuthenticationProvi
Same weakness: CWE-330
- CVE-2026-7847
chatchat-space Langchain-Chatchat Uploaded File openai_route - CVE-2026-40975
VMware Spring Boot 安全特征问题漏洞 - CVE-2026-40496
FreeScout has Predictable Attachment Token that Allows Unaut - CVE-2026-40306
DNN has same HostGUID for all new installs - CVE-2026-33710
Chamilo LMS has Weak REST API Key Generation (Predictable)
V. Comments for CVE-2019-3795
No comments yet