VMware Tanzu Spring Security Vulnerability
Summary
CERT-Bund has issued a security advisory for VMware Tanzu Spring Security, detailing a critical vulnerability (CVSS 9.1) that allows remote attackers to bypass security controls and potentially access confidential information. The advisory affects multiple versions of the Spring Security framework.
What changed
CERT-Bund has identified a critical vulnerability (CVSS Base Score 9.1) in VMware Tanzu Spring Security versions prior to 5.7.22, 5.8.24, 6.3.15, 6.4.15, 6.5.9, and 7.0.4. This vulnerability allows remote, anonymous attackers to bypass security controls, potentially leading to the disclosure of confidential information. The advisory highlights that the issue affects systems running on various operating systems including UNIX and Windows.
Organizations utilizing affected versions of VMware Tanzu Spring Security must update to the patched versions as soon as possible to mitigate the risk of exploitation. Failure to do so could result in unauthorized access to sensitive data and further compromise of systems. While no specific compliance deadline is mentioned, immediate patching is strongly recommended to maintain security posture.
What to do next
- Update VMware Tanzu Spring Security to a patched version (e.g., >= 5.7.22, >= 5.8.24, >= 6.3.15, >= 6.4.15, >= 6.5.9, >= 7.0.4)
- Review system logs for any signs of exploitation related to this vulnerability
Source document (simplified)
[WID-SEC-2026-0797] VMware Tanzu Spring Security: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen CVSS Base Score 9.1 (kritisch) CVSS Temporal Score 7.9 (hoch) Remoteangriff ja Datum 19.03.2026 Stand 20.03.2026 Mitigation ja
Betroffene Systeme
Betriebssystem
- Sonstiges
- UNIX
- Windows
Produktbeschreibung
Spring Security ist ein Framework, das Authentifizierung, Autorisierung und Schutz vor gängigen Angriffen bietet.
Produkte
19.03.2026
- VMware Tanzu Spring Security <5.7.22
VMware Tanzu Spring Security <5.8.24
VMware Tanzu Spring Security <6.3.15
VMware Tanzu Spring Security <6.4.15
VMware Tanzu Spring Security <6.5.9
VMware Tanzu Spring Security <7.0.4
Angriff
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in VMware Tanzu Spring Security ausnutzen, um Sicherheitsvorkehrungen zu umgehen und möglicherweise weitere Angriffe durchzuführen, beispielsweise zur Offenlegung vertraulicher Informationen. CVE Informationen Versionshistorie Feedback zum Advisory geben
Related changes
Source
Classification
Who this affects
Taxonomy
Browse Categories
Get Data Privacy & Cybersecurity alerts
Weekly digest. AI-summarized, no noise.
Free. Unsubscribe anytime.
Get alerts for this source
We'll email you when CERT-Bund Security Advisories publishes new changes.