VMware by Broadcom's response to CVEs CVE-2016-1000027, BDSA-2024-6258, BDSA-2024-7391, CVE-2024-38819, CVE-2024-38820, BDSA-2024-7393, BDSA-2024-8653


Article ID: 397200


Products

VMware Tanzu Spring Runtime

Issue/Introduction

A user runs Black Duck Security Scan (or a similar CVE security scanning tool), and the scan returns a vulnerability list such as the following:

  • CVE-2016-1000027
  • BDSA-2024-6258 -> CVE-2024-38816
  • BDSA-2024-7391 -> CVE-2024-38819
  • CVE-2024-38819
  • CVE-2024-38820
  • BDSA-2024-7393 -> n/a
  • BDSA-2024-8653 -> CVE-2024-38828

Environment

Spring Framework v5.3.x

Resolution

CVE-2016-1000027: might be vulnerable; it is up to the user to analyze/fix (https://www.blackduck.com/blog/cyrc-vulnerability-month-spring-framework.html)

BDSA-2024-6258 (CVE-2024-38816): fixed in Spring Framework v5.3.42

BDSA-2024-7391 (CVE-2024-38819): fixed in Spring Framework v5.3.42

CVE-2024-38819: not vulnerable (https://spring.io/security/cve-2024-38819)

CVE-2024-38820: not vulnerable (https://spring.io/security/cve-2024-38820)

BDSA-2024-7393 (CVE-2024-7393): n/a *Removed (https://nvd.nist.gov/vuln/detail/CVE-2024-7393)

BDSA-2024-8653 (CVE-2024-38828): fixed in Spring Framework v5.3.42