CVE-2010-3700

medium VMware
CVSS v3 Base Score
5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS Score
0.2%
Exploitation probability in 30 days
Top 52% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
P
Availability
None
Published: October 29, 2010 (5676 days ago)
Last Modified: April 29, 2026
Vendor: VMware
Source: NVD

Description

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.

CWE

CWE-264

Affected Products

acegisecurity acegi-securityvmware springsource spring securityibm websphere application server

References

🔗 osvdb.org 🔗 secunia.com 🔗 www.securityfocus.com 🔗 www.securityfocus.com 🔗 www.springsource.com