CVE-2022-22978: Authorization Bypass in RegexRequestMatcher

Article ID: 371575

Products

DX NetOps CA Performance Management - Usage and Administration

Issue/Introduction

Vuln Name: Spring Security < 5.5.7 / 5.6.x < 5.6.4 Authorization Bypass
Port: 0
Last Seen: 2024-06-29T22:53:27
  Path              : <Install Directory>/PC/webapps/pc/WEB-INF/lib/spring-security-core-4.2.19.RELEASE.jar
  Installed version : 4.2.19
  Fixed version     : 5.5.7
  Path              : <Install Directory>/EM/webapps/EventManager/WEB-INF/lib/spring-security-core-4.2.19.RELEASE.jar
  Installed version : 4.2.19
  Fixed version     : 5.5.7
  Path              : <Install Directory>/DM/webapps/dm/WEB-INF/lib/spring-security-core-4.2.19.RELEASE.jar
  Installed version : 4.2.19
  Fixed version     : 5.5.7

Environment

DX NetOps Performance Management 23.3.8

Resolution

As of 23.3.11, Portal no longer ships spring-security-core-*.jar. We still ship the 5.3.28 Spring jars, but not the spring-security-core jar files.
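
To confirm the resolution on a host after upgrading, the following added example (not Broadcom tooling) walks an install tree for spring-security-core jars and flags any version below the fixed versions named in the finding. The function names are illustrative, and it assumes the version can be read from the jar file name, as in the paths reported above.

```shell
#!/bin/sh
# Added example: find spring-security-core jars under an install tree and
# classify each against the fixed versions named in the scanner finding.
# Assumption: the version is readable from the jar file name.

# ver_lt A B: succeeds when dotted version A is strictly lower than B.
ver_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# classify VERSION: prints FLAGGED or OK per "< 5.5.7 / 5.6.x < 5.6.4".
classify() {
    case $1 in
        5.6.*) fixed=5.6.4 ;;
        *)     fixed=5.5.7 ;;
    esac
    if ver_lt "$1" "$fixed"; then echo FLAGGED; else echo OK; fi
}

# scan_tree DIR: prints one line per jar found: STATUS VERSION PATH.
scan_tree() {
    find "$1" -type f -name 'spring-security-core-*.jar' | sort |
    while IFS= read -r jar; do
        v=$(basename "$jar" | sed -n \
            's/^spring-security-core-\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*\.jar$/\1/p')
        if [ -z "$v" ]; then
            printf 'UNKNOWN - %s\n' "$jar"
        else
            printf '%s %s %s\n' "$(classify "$v")" "$v" "$jar"
        fi
    done
}

# Usage: sh check.sh "<Install Directory>"  (no output means no jar present)
if [ -n "${1:-}" ]; then
    scan_tree "$1"
fi
```

On a 23.3.11 install the scan should print nothing, since the jar is no longer shipped.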