Vulnerability Information
Vulnerability Title
X.509 authentication bypasses Spring Security account checks
Vulnerability Description
X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a presented certificate mapped to UserDetails, without applying Spring Security's standard account lifecycle checks (disabled, locked, expired, or credentials-expired accounts). Affected versions: Spring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
Improper Authentication
Vulnerability Title
VMware Spring Web Services Authorization Issue Vulnerability
Vulnerability Description
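VMware Spring Web Services is a SOAP web service development framework from VMware, Inc. of the United States. VMware Spring Web Services versions 5.0.0 through 5.0.1, 4.1.0 through 4.1.3, 4.0.0 through 4.0.18, and 3.1.0 through 3.1.8 contain an authorization issue vulnerability. The vulnerability stems from X509AuthenticationProvider not applying account lifecycle checks when a certificate maps to UserDetails, which may result in full authentication.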
CVSS Information
N/A
Vulnerability Type
N/A
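
The account lifecycle checks named in the description, as an added Java example (not code from Spring Web Services or from this record). It contrasts issuing a token straight after the certificate-to-user mapping with running Spring Security's `AccountStatusUserDetailsChecker` first. Assumptions: spring-security-core is on the classpath, the class and method names are hypothetical, `UsernamePasswordAuthenticationToken` stands in for `X509AuthenticationToken`, and the sample accounts are constructed.

```java
import java.util.List;
import org.springframework.security.authentication.AccountStatusException;
import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

// Hypothetical demo class, not the framework's provider.
public class CertAccountStatusDemo {

    // Rejects locked, disabled, expired and credentials-expired accounts.
    private static final AccountStatusUserDetailsChecker CHECKER =
            new AccountStatusUserDetailsChecker();

    // Flawed pattern: a successful certificate-to-user mapping is treated as sufficient.
    static Authentication authenticateUnchecked(UserDetails mapped) {
        return new UsernamePasswordAuthenticationToken(mapped, "N/A", mapped.getAuthorities());
    }

    // Hardened pattern: account state is validated before any token is issued.
    static Authentication authenticateChecked(UserDetails mapped) {
        CHECKER.check(mapped); // throws a subclass of AccountStatusException
        return new UsernamePasswordAuthenticationToken(mapped, "N/A", mapped.getAuthorities());
    }

    // Constructed sample account; the password is unused for certificate logins.
    static User.UserBuilder account(String name) {
        return User.withUsername(name).password("{noop}unused").roles("USER");
    }

    public static void main(String[] args) {
        List<UserDetails> mappedUsers = List.of(
                account("active").build(),
                account("disabled").disabled(true).build(),
                account("locked").accountLocked(true).build(),
                account("expired").accountExpired(true).build(),
                account("stale-credentials").credentialsExpired(true).build());
        for (UserDetails user : mappedUsers) {
            boolean unchecked = authenticateUnchecked(user).isAuthenticated();
            try {
                authenticateChecked(user);
                System.out.println(user.getUsername() + ": unchecked=" + unchecked + ", checked=issued");
            } catch (AccountStatusException e) {
                System.out.println(user.getUsername() + ": unchecked=" + unchecked
                        + ", checked=rejected (" + e.getClass().getSimpleName() + ")");
            }
        }
    }
}
```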