Rewterz Threat Advisory – CVE-2023-28754 – Apache ShardingSphere-Agent Vulnerability
July 21, 2023
Rewterz Threat Advisory – Multiple Adobe ColdFusion Vulnerabilities Exploited in the Wild
July 21, 2023
Severity
High
Analysis Summary
CVE-2023-34034
VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by a flaw when using “**” as a pattern in the configuration for WebFlux. By using a specially crafted configuration, an attacker could exploit this vulnerability to bypass pattern matching rules.
Impact
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-34034
Affected Vendors
VMware
Affected Products
- VMware Tanzu Spring Security 5.7.0
- VMware Tanzu Spring Security 5.6.0
- VMware Tanzu Spring Security 5.8.0
- VMware Tanzu Spring Security 6.0.0
Remediation
Refer to the VMware Tanzu website for patch, upgrade, or suggested workaround information.
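To find configurations worth reviewing while the patch is rolled out, the check below scans Java source for WebFlux path patterns such as "**". It is an added example, not code from Rewterz, VMware or the Spring project. It assumes that any pattern without a leading "/" deserves review, which goes beyond the single "**" case named in the summary. The sample configuration and the function name are constructed for illustration.

```python
import re

# Calls that take WebFlux path patterns; both names are real Spring Security APIs.
CALL_RE = re.compile(
    r'\b(pathMatchers|PathPatternParserServerWebExchangeMatcher)\s*'
    r'\(((?:"(?:[^"\\]|\\.)*"|[^()"])*)\)')
STRING_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')


def find_unanchored_patterns(source):
    """Return (line, call, pattern) for every pattern without a leading '/'.

    Assumption of this example: a pattern that does not start with '/'
    (including a bare "**") should be reviewed by hand.
    """
    findings = []
    for match in CALL_RE.finditer(source):
        line_no = source.count("\n", 0, match.start()) + 1
        # Non-string arguments such as HttpMethod.GET are skipped here.
        for pattern in STRING_RE.findall(match.group(2)):
            if not pattern.startswith("/"):
                findings.append((line_no, match.group(1), pattern))
    return findings


# Constructed sample configuration for illustration, not from a real project.
SAMPLE = '''
@Bean
SecurityWebFilterChain chain(ServerHttpSecurity http) {
    return http.authorizeExchange(ex -> ex
            .pathMatchers("/public/**").permitAll()
            .pathMatchers(HttpMethod.GET, "/api/**").authenticated()
            .pathMatchers("admin/**").hasRole("ADMIN")
            .pathMatchers("**").authenticated())
        .build();
}
'''

if __name__ == "__main__":
    for line_no, call, pattern in find_unanchored_patterns(SAMPLE):
        print("line %d: %s(%r) has no leading '/'" % (line_no, call, pattern))
```

Patterns built from constants or variables are not resolved by this text scan, so a clean result does not replace upgrading.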