CVE-2019-3795

LOW Year: 2019
CVSS v3 Score
3.8
Low
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-330
View all →

Vulnerability Description

Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection.

Related Vulnerabilities

CVE-2020-16166

LOW
CVSS:3.7(Low)

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is relate...

CWE-3302020

CVE-2023-31124

LOW
CVSS:3.7(Low)

c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will...

CWE-3302023

CVE-2023-3803

LOW
CVSS:3.7(Low)

A vulnerability classified as problematic has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This affects an unknown part of the file /Service/ImageStationDataService.as...

CWE-3302023

CVE-2019-12434

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in GitLab Community and Enterprise Edition 10.6 through 11.11. Users could guess the URL slug of private projects through the contrast of the destination URLs of issues linked ...

CWE-3302019

CVE-2019-20494

LOW
CVSS:3.3(Low)

In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525).

CWE-3302019

CVE-2019-4411

MEDIUM
CVSS:4.3(Medium)

IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658.

CWE-3302019