CRITICAL✓ PATCH🇬🇧 English

CVE-2023-20873

CVSS 9.8v3.1pub. 2023-04-20upd. 2025-05-05

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • VMware Spring Boot

    APP
    Vmware
    < 2.5.152.6.0 – 2.6.14 (bez)2.7.0 – 2.7.11 (bez)3.0.0 – 3.0.6 (bez)
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2026-40976CRITICAL9.1PL ✓ten sam produkt

VMware Spring Boot: nieefektywna domyślna ochrona web security — nieautoryzowany dostęp

CVE-2023-44794CRITICAL9.8ten sam produkt

An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a cr...

CVE-2021-26987CRITICAL9.8ten sam produkt

Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1...

CVE-2017-8046CRITICAL9.8ten sam produkt

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), ve...

CVE-2026-40972HIGH7.5ten sam produkt

An attacker on the same network as the remote application may be able to utilize a timing attack to discover i...