{ "document" : { "aggregate_severity" : { "text" : "mittel" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "Spring Security ist ein Framework, das Authentifizierung, Autorisierung und Schutz vor gängigen Angriffen bietet.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in VMware Tanzu Spring Security ausnutzen, um einen Denial of Service zu verursachen, beliebigen Code auszuführen, Benutzer auf beliebige Websites umzuleiten, Informationen offenzulegen und die Identität eines anderen Benutzers anzunehmen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Linux\n- Sonstiges\n- UNIX\n- Windows", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2026-1869 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1869.json" }, { "category" : "self", "summary" : "WID-SEC-2026-1869 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1869" }, { "category" : "external", "summary" : "Spring Security Advisories vom 2026-06-09", "url" : "https://spring.io/security/cve-2026-40988" }, { "category" : "external", "summary" : "Spring Security Advisories vom 2026-06-09", "url" : "https://spring.io/security/cve-2026-40993" }, { "category" : "external", "summary" : "Spring Security Advisories vom 2026-06-09", "url" : "https://spring.io/security/cve-2026-41003" }, { "category" : "external", "summary" : "Spring Security Advisories vom 2026-06-09", "url" : "https://spring.io/security/cve-2026-41008" }, { "category" : "external", "summary" : "Spring Security Advisories vom 2026-06-09", "url" : "https://spring.io/security/cve-2026-41694" }, { "category" : "external", "summary" : "Spring Security Advisories vom 2026-06-09", "url" : "https://spring.io/security/cve-2026-41706" }, { "category" : "external", "summary" : "Spring Security Advisories vom 2026-06-09", "url" : "https://spring.io/security/cve-2026-47838" } ], "source_lang" : "en-US", "title" : "VMware Tanzu Spring Security: Mehrere Schwachstellen", "tracking" : { "current_release_date" : "2026-06-09T22:00:00.000+00:00", "generator" : { "date" : "2026-06-10T09:35:57.231+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.6.0" } }, "id" : "WID-SEC-W-2026-1869", "initial_release_date" : "2026-06-09T22:00:00.000+00:00", "revision_history" : [ { "date" : "2026-06-09T22:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" } ], "status" : "final", "version" : "1" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_version_range", "name" : "<5.7.24", "product" : { "name" : "VMware Tanzu Spring Security <5.7.24", "product_id" : "T055188" } }, { "category" : "product_version", "name" : "5.7.24", "product" : { "name" : "VMware Tanzu Spring Security 5.7.24", "product_id" : "T055188-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:vmware_tanzu:spring_security:5.7.24" } } }, { "category" : "product_version_range", "name" : "<5.8.26", "product" : { "name" : "VMware Tanzu Spring Security <5.8.26", "product_id" : "T055189" } }, { "category" : "product_version", "name" : "5.8.26", "product" : { "name" : "VMware Tanzu Spring Security 5.8.26", "product_id" : "T055189-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:vmware_tanzu:spring_security:5.8.26" } } }, { "category" : "product_version_range", "name" : "<6.5.11", "product" : { "name" : "VMware Tanzu Spring Security <6.5.11", "product_id" : "T055190" } }, { "category" : "product_version", "name" : "6.5.11", "product" : { "name" : "VMware Tanzu Spring Security 6.5.11", "product_id" : "T055190-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:vmware_tanzu:spring_security:6.5.11" } } }, { "category" : "product_version_range", "name" : "<6.4.17", "product" : { "name" : "VMware Tanzu Spring Security <6.4.17", "product_id" : "T055191" } }, { "category" : "product_version", "name" : "6.4.17", "product" : { "name" : "VMware Tanzu Spring Security 6.4.17", "product_id" : "T055191-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:vmware_tanzu:spring_security:6.4.17" } } }, { "category" : "product_version_range", "name" : "<6.3.17", "product" : { "name" : "VMware Tanzu Spring Security <6.3.17", "product_id" : "T055192" } }, { "category" : "product_version", "name" : "6.3.17", "product" : { "name" : "VMware Tanzu Spring Security 6.3.17", "product_id" : "T055192-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:vmware_tanzu:spring_security:6.3.17" } } }, { "category" : "product_version_range", "name" : "<7.0.6", "product" : { "name" : "VMware Tanzu Spring Security <7.0.6", "product_id" : "T055193" } }, { "category" : "product_version", "name" : "7.0.6", "product" : { "name" : "VMware Tanzu Spring Security 7.0.6", "product_id" : "T055193-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:vmware_tanzu:spring_security:7.0.6" } } }, { "category" : "product_version_range", "name" : "<5.7.25", "product" : { "name" : "VMware Tanzu Spring Security <5.7.25", "product_id" : "T055194" } }, { "category" : "product_version", "name" : "5.7.25", "product" : { "name" : "VMware Tanzu Spring Security 5.7.25", "product_id" : "T055194-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:vmware_tanzu:spring_security:5.7.25" } } }, { "category" : "product_version_range", "name" : "<5.8.27", "product" : { "name" : "VMware Tanzu Spring Security <5.8.27", "product_id" : "T055195" } }, { "category" : "product_version", "name" : "5.8.27", "product" : { "name" : "VMware Tanzu Spring Security 5.8.27", "product_id" : "T055195-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:vmware_tanzu:spring_security:5.8.27" } } }, { "category" : "product_version_range", "name" : "<6.3.18", "product" : { "name" : "VMware Tanzu Spring Security <6.3.18", "product_id" : "T055196" } }, { "category" : "product_version", "name" : "6.3.18", "product" : { "name" : "VMware Tanzu Spring Security 6.3.18", "product_id" : "T055196-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:vmware_tanzu:spring_security:6.3.18" } } }, { "category" : "product_version_range", "name" : "<6.4.18", "product" : { "name" : "VMware Tanzu Spring Security <6.4.18", "product_id" : "T055197" } }, { "category" : "product_version", "name" : "6.4.18", "product" : { "name" : "VMware Tanzu Spring Security 6.4.18", "product_id" : "T055197-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:vmware_tanzu:spring_security:6.4.18" } } } ], "category" : "product_name", "name" : "Spring Security" } ], "category" : "vendor", "name" : "VMware Tanzu" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2026-40988", "product_status" : { "known_affected" : [ "T055189", "T055188", "T055193", "T055192", "T055191", "T055190" ] }, "release_date" : "2026-06-09T22:00:00.000+00:00", "title" : "CVE-2026-40988" }, { "cve" : "CVE-2026-40993", "product_status" : { "known_affected" : [ "T055193" ] }, "release_date" : "2026-06-09T22:00:00.000+00:00", "title" : "CVE-2026-40993" }, { "cve" : "CVE-2026-41003", "product_status" : { "known_affected" : [ "T055189", "T055188", "T055193", "T055192", "T055191", "T055190" ] }, "release_date" : "2026-06-09T22:00:00.000+00:00", "title" : "CVE-2026-41003" }, { "cve" : "CVE-2026-41008", "product_status" : { "known_affected" : [ "T055193" ] }, "release_date" : "2026-06-09T22:00:00.000+00:00", "title" : "CVE-2026-41008" }, { "cve" : "CVE-2026-41694", "product_status" : { "known_affected" : [ "T055189", "T055188", "T055193", "T055192", "T055191", "T055190" ] }, "release_date" : "2026-06-09T22:00:00.000+00:00", "title" : "CVE-2026-41694" }, { "cve" : "CVE-2026-41706", "product_status" : { "known_affected" : [ "T055189", "T055188", "T055193", "T055192", "T055191", "T055190" ] }, "release_date" : "2026-06-09T22:00:00.000+00:00", "title" : "CVE-2026-41706" }, { "cve" : "CVE-2026-47838", "product_status" : { "known_affected" : [ "T055189", "T055188", "T055197", "T055196", "T055195", "T055193", "T055192", "T055191", "T055190" ] }, "release_date" : "2026-06-09T22:00:00.000+00:00", "title" : "CVE-2026-47838" } ] }