In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.

The versions of MySQL Enterprise Monitor installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory.

  - Vulnerability in the MySQL Enterprise Monitor component Spring Security. A remote     unauthenticated attacker could gain unauthorized access to critical data or complete     access to all MySQL Enterprise Monitor accessible data as well as unauthorized     update, insert or delete access to some of MySQL Enterprise Monitor accessible data.     (CVE-2024-22257)

  - Vulnerability in the MySQL Enterprise Monitor component Spring     Framework. Supported versions that are affected are 8.0.38 and prior. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols     to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from     a person other than the attacker. Successful attacks of this vulnerability can result     in unauthorized creation, deletion or modification access to critical data or all MySQL     Enterprise Monitor accessible data as well as unauthorized access to critical data or     complete access to all MySQL Enterprise Monitor accessible data. (CVE-2024-22262)

  - Vulnerability in the MySQL Enterprise Monitor component     Apache Tomcat. A unauthenticated attacker with network access via multiple protocols     to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can     result in unauthorized ability to cause a hang or frequently repeatable crash MySQL     Enterprise Monitor. (CVE-2024-24549)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95840 advisory.

  - In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9,     versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to     broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication     parameter. (CVE-2024-22257)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Atlassian Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-15307 advisory.

  - In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9,     versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to     broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication     parameter. (CVE-2024-22257)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
202597	Oracle MySQL Enterprise Monitor (Jul 2024 CPU)	Nessus	CGI abuses	high
201089	Atlassian Confluence 1.0.1 < 7.19.22 / 7.20.x < 8.5.9 / 8.6.x < 8.9.1 (CONFSERVER-95840)	Nessus	CGI abuses	high
197935	Atlassian Jira Service Management Data Center and Server < 5.4.20 / 5.5.x < 5.12.7 / 5.13.x < 5.15.2 Broken Access Control (JSDSERVER-15307)	Nessus	Misc.	high

Detections

Analytics

CVE-2024-22257

high

Tenable Plugins

high

high

high