Oval Definition:oval:org.opensuse.security:def:20181258
Revision Date:2022-05-22Version:1
Title:CVE-2018-1258
Description:

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2018-1258
SUSE CVE-2018-1258
Platform(s):SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • Release Information
  • SUSE OpenStack Cloud 8 is installed
  • OR SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • tomcat is affected
  • OR tomcat-admin-webapps is affected
  • OR tomcat-docs-webapp is affected
  • OR tomcat-el-3_0-api is affected
  • OR tomcat-javadoc is affected
  • OR tomcat-jsp-2_3-api is affected
  • OR tomcat-lib is affected
  • OR tomcat-servlet-3_1-api is affected
  • OR tomcat-webapps is affected
    • Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP4 is installed
  • AND tomcat6 is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 11 SP1 is installed
  • OR SUSE Linux Enterprise Server 11 SP3 is installed
  • AND tomcat6 is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed
  • AND tomcat is not affected
  • OR Package Information
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed
  • AND
  • tomcat is affected
  • OR tomcat-admin-webapps is affected
  • OR tomcat-docs-webapp is affected
  • OR tomcat-el-3_0-api is affected
  • OR tomcat-javadoc is affected
  • OR tomcat-jsp-2_3-api is affected
  • OR tomcat-lib is affected
  • OR tomcat-servlet-3_1-api is affected
  • OR tomcat-webapps is affected
  • OR Package Information
  • SUSE Linux Enterprise Server 12 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
  • AND
  • tomcat is not affected
  • OR tomcat-admin-webapps is not affected
  • OR tomcat-docs-webapp is not affected
  • OR tomcat-el-3_0-api is not affected
  • OR tomcat-javadoc is not affected
  • OR tomcat-jsp-2_3-api is not affected
  • OR tomcat-lib is not affected
  • OR tomcat-servlet-4_0-api is not affected
  • OR tomcat-webapps is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND tomcat is not affected
  • OR Package Information
  • SUSE OpenStack Cloud 9 is installed
  • OR SUSE OpenStack Cloud Crowbar 9 is installed
  • AND
  • tomcat is not affected
  • OR tomcat-admin-webapps is not affected
  • OR tomcat-docs-webapp is not affected
  • OR tomcat-el-3_0-api is not affected
  • OR tomcat-javadoc is not affected
  • OR tomcat-jsp-2_3-api is not affected
  • OR tomcat-lib is not affected
  • OR tomcat-servlet-4_0-api is not affected
  • OR tomcat-webapps is not affected
    • BACK