Vulnerability identifier: #VU88954
Vulnerability risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID:
CWE-ID:
CWE-16
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Pivotal Spring Framework
Server applications / Frameworks for developing and running applications
Vendor: Pivotal
Description
The issue may allow a local user to bypass implemented security restrictions.
The issue exists due to the possibility of bypassing implemented security restrictions related to secure boot. It was addressed by rebuilding the package with the new secure boot key.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Pivotal Spring Framework: before 2.5.6.SEC03, 2.5.7.SR023, 3.0.6
External links
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814
https://rhn.redhat.com/errata/RHSA-2013-0191.html
https://rhn.redhat.com/errata/RHSA-2013-0192.html
https://rhn.redhat.com/errata/RHSA-2013-0193.html
https://rhn.redhat.com/errata/RHSA-2013-0194.html
https://rhn.redhat.com/errata/RHSA-2013-0195.html
https://rhn.redhat.com/errata/RHSA-2013-0196.html
https://rhn.redhat.com/errata/RHSA-2013-0197.html
https://rhn.redhat.com/errata/RHSA-2013-0198.html
https://rhn.redhat.com/errata/RHSA-2013-0221.html
https://rhn.redhat.com/errata/RHSA-2013-0533.html
https://secunia.com/advisories/51984
https://secunia.com/advisories/52054
https://secunia.com/advisories/55155
https://support.springsource.com/security/cve-2011-2730
https://www.debian.org/security/2012/dsa-2504
https://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://www.securitytracker.com/id/1029151
https://docs.google.com/document/d/1dc1xxO8UMFaGLOwgkykYdghGWm_2Gn0iCrxFsympqcE/edit
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.