 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.153171 |
| Category: | General |
| Title: | VMware Spring Boot 2.7.x < 2.7.22, 3.0.x < 3.0.17, 3.1.x < 3.1.13, 3.2.x < 3.2.9, 3.3.x < 3.3.3 Signature Forgery Vulnerability - Linux |
| Summary: | VMware Spring Boot is prone to a signature forgery; vulnerability. |
| Description: | Summary: VMware Spring Boot is prone to a signature forgery vulnerability. Vulnerability Insight: Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another. Affected Software/OS: VMware Spring Boot versions 2.7.0 through 2.7.21, 3.0.0 through 3.0.16, 3.1.0 through 3.1.12, 3.2.0 through 3.2.8 and 3.3.0 through 3.3.2. Solution: Update to version 2.7.22, 3.0.17, 3.1.13, 3.2.9, 3.3.3 or later. CVSS Score: 5.5 CVSS Vector: AV:L/AC:H/Au:S/C:C/I:C/A:N |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2024-38807 |
| Copyright | Copyright (C) 2024 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |