Threedr3Am

**Name of the Vulnerable Software and Affected Versions** Spring Framework versions prior to 6.1.5 Spring Framework versions prior to 6.0.18 Spring Framework versions prior to 5.3.33 **Description** The issue exists due to insufficient validation of user-input data in the UriComponentsBuilder component of the Spring Framework. This can allow a remote attacker to perform a Server-Side Request Forgery (SSRF) attack. The vulnerability poses risks to systems, potentially exposing them to open redirect and SSRF attacks. Approximately 1,139,824 results are mainly distributed in China, the United States, and other countries. **Recommendations** For Spring Framework versions prior to 6.1.5, update to version 6.1.5 or later. For Spring Framework versions prior to 6.0.18, update to version 6.0.18 or later. For Spring Framework versions prior to 5.3.33, update to version 5.3.33 or later. As a temporary workaround, consider restricting the use of the UriComponentsBuilder component until a patch is applied. Avoid using the `host` variable in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Sentinel version 1.8.2 **Description** The issue is related to Server-side request forgery (SSRF). This means an attacker can potentially trick the server into making requests to unintended locations, which could lead to unauthorized access or information disclosure. **Recommendations** For Sentinel version 1.8.2, as a temporary workaround, consider restricting access to sensitive resources and networks to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** com.h2database:h2 versions 1.4.198 through 2.0.202 **Description** The issue is related to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object. This occurs when the object receives parsed string data from the org.h2.jdbc.JdbcResultSet.getSQLXML() method and executes the getSource() method with the parameter `DOMSource.class`. The vulnerability allows a remote attacker to conduct XXE attacks due to incorrect restriction of XML external entity references. **Recommendations** For versions 1.4.198 through 2.0.202, consider disabling the `org.h2.jdbc.JdbcSQLXML` class object or restricting its use until a patch is available. As a temporary workaround, avoid using the `getSource()` method with the parameter `DOMSource.class` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** spring-cloud-netflix-hystrix-dashboard versions (affected versions not specified) **Description** The issue affects applications that use both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf`. It exposes a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at "/hystrix/monitor;[user-provided data]", the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Essbase Analytic Provider Services versions 11.1.2.4 through 21.2 **Description** The issue is related to errors in processing input data in the web component of Essbase Analytic Provider Services. It can be exploited by a remote attacker to cause a denial of service. Successful attacks can result in the ability to cause the service to hang or crash repeatedly, leading to a complete denial of service. **Recommendations** For versions 11.1.2.4 and 21.2, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Coherence versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 **Description** The issue exists due to insufficient input validation in the Core component of Oracle Coherence, allowing a remote attacker to cause the device to hang or deny service. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash of Oracle Coherence. The vulnerability can be exploited via T3, IIOP by an unauthenticated attacker with network access. **Recommendations** For versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0, consider restricting network access via T3, IIOP to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider implementing additional validation for incoming requests to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle WebLogic Server versions 10.3.6.0.0 through 14.1.1.0.0 **Description** The issue is related to insufficient input validation in the Core component of Oracle WebLogic Server, part of the Oracle Fusion Middleware platform. This can be exploited by a remote attacker using the T3 protocol to cause a denial of service, potentially leading to a hang or crash of the Oracle WebLogic Server. The vulnerability can be easily exploited by an unauthenticated attacker with network access via T3 or IIOP protocols. **Recommendations** For versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle E-Business Suite versions 12.1.3 and 12.2.3 through 12.2.10 **Description** The issue is related to insufficient input validation in the Workflow Notification Mailer component of Oracle Workflow. This allows a low-privileged attacker with network access via HTTP to compromise Oracle Workflow, resulting in unauthorized read access to a subset of Oracle Workflow accessible data. **Recommendations** For versions 12.1.3 and 12.2.3 through 12.2.10, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle WebLogic Server versions 10.3.6.0.0 through 14.1.1.0.0 **Description** The issue is related to the Web Services component of Oracle WebLogic Server, which can be exploited by an unauthenticated attacker with network access via T3 or IIOP protocols. This can lead to a denial of service (DOS) condition, causing the server to hang or crash repeatedly. The vulnerability is due to incorrect resource cleanup or release. **Recommendations** For versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0, consider restricting access to the T3 protocol to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the Web Services component until a patch is available. Avoid using the T3 or IIOP protocols in the affected Oracle WebLogic Server versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Coherence versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 **Description** The issue exists due to insufficient input validation in the Core component of Oracle Coherence. It can be exploited by a remote attacker using a specially crafted T3 protocol network request, potentially causing the device to hang or resulting in a denial of service. The vulnerability can be exploited via T3 or IIOP protocols. **Recommendations** For Oracle Coherence version 3.7.1.0, update to a version that includes the fix for this issue. For Oracle Coherence version 12.1.3.0.0, update to a version that includes the fix for this issue. For Oracle Coherence version 12.2.1.3.0, update to a version that includes the fix for this issue. For Oracle Coherence version 12.2.1.4.0, update to a version that includes the fix for this issue. For Oracle Coherence version 14.1.1.0.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the T3 protocol to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Nacos versions prior to 1.4.1 Description: The issue affects Nacos, a platform for dynamic service discovery and configuration and service management. In affected versions, the ConfigOpsController allows users to perform management operations like querying the database or wiping it out. The `/derby` endpoint is not protected and can be accessed by unauthenticated users, while the `/data/remove` endpoint is properly protected. This issue only affects installations using embedded storage (derby DB) and not those using external storage (e.g., mysql). Additionally, when configured to use authentication, Nacos has a backdoor that enables servers to bypass authentication checks by spoofing the `user-agent` HTTP header. This may allow any user to carry out administrative tasks on the Nacos server. Recommendations: For versions prior to 1.4.1, update to version 1.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `/derby` endpoint and disabling the use of embedded storage (derby DB) if possible. Additionally, restrict access to the `configuration` endpoint to minimize the risk of exploitation. Avoid using the `Nacos-Server` user-agent header to bypass authentication checks.

**Name of the Vulnerable Software and Affected Versions** Oracle WebLogic Server versions 12.1.3.0.0 through 14.1.1.0.0 **Description** The issue is related to insufficient input validation in the Core component of Oracle WebLogic Server, allowing an unauthenticated attacker with network access via IIOP to compromise the server. Successful attacks can result in the takeover of Oracle WebLogic Server. The vulnerability can be exploited using network protocols IIOP and T3. **Recommendations** For versions 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nacos versions prior to 1.4.1 **Description** The issue is related to the AuthFilter component of the Nacos platform, which can be exploited to bypass authentication through spoofing. This may allow a remote attacker to elevate their privileges. The vulnerability relies on the `user-agent` HTTP header, making it easily spoofable. The issue can be exploited by sending a request to the "http://127.0.0.1:8848/nacos/v1/cs/configs" endpoint with a spoofed `user-agent` header set to `Nacos-Server`, allowing the attacker to carry out administrative tasks on the Nacos server. **Recommendations** For Nacos versions prior to 1.4.1, update to version 1.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `AuthFilter` servlet filter to minimize the risk of exploitation. Avoid using the `user-agent` HTTP header to enforce authentication until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Apache Ambari versions 2.6.2.2 and earlier **Description** The issue allows malicious users to construct file names for directory traversal, enabling them to traverse to other directories and download files. **Recommendations** For Apache Ambari versions 2.6.2.2 and earlier, update to a version later than 2.6.2.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Spring Cloud Netflix Zuul versions 2.2.6.RELEASE and below **Description** The issue allows bypassing the "Sensitive Headers" restriction when executing requests with specially constructed URLs. Applications using Spring Security's StrictHttpFirewall are not affected, as they reject requests that allow bypassing. **Recommendations** For Spring Cloud Netflix Zuul versions 2.2.6.RELEASE and below, consider disabling the "Sensitive Headers" functionality until a patch is available. As a temporary workaround, enable Spring Security's StrictHttpFirewall to reject requests that allow bypassing the "Sensitive Headers" restriction. At the moment, there is no information about a newer version that contains a fix for this vulnerability.