漏洞描述
VMware Spring Security是美国威睿(VMware)公司的一套为基于Spring的应用程序提供说明性安全保护的安全框架。 VMware Spring Security 6.1.7之前的版本 6.1.x版本和6.2.2之前的6.2.x版本存在安全漏洞,该漏洞源于容易受到损坏的访问控制影响。
VMware Spring Security 权限绕过漏洞
PoC代码
暂无相关漏洞推荐
- Spring Cloud Gateway 信息泄露漏洞(CVE-2025-41243)
- Spring Cloud Gateway环境属性修改漏洞 (CVE-2025-41243)
- CVE-2019-3799: Spring Cloud Config Server Directory Traversal
- springboot-actuator-unauth: Springboot Actuator Unauth
- springblade-export-user-sqli: SpringBlade 框架后台 export-user 路径 SQL 注入漏洞
- CVE-2023-20888: VMware Aria Operations for Networks - Remote Code Execution
- Exrick Xboot Swagger SecurityController.java服务器端请求伪造(CVE-2025-8527)
- POC CVE-2019-14287: Sudo <= 1.8.27 - Security Bypass
- POC spring4shell-CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+
- POC CVE-2014-6308: Osclass Security Advisory 3.4.1 - Local File Inclusion
- POC CVE-2016-4977: Spring Security OAuth2 Remote Command Execution
- POC CVE-2017-7925: Dahua Security - Configuration File Disclosure
- POC CVE-2017-8046: Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution