CVE Database · CVE-2011-2731
CVSS v3.1
N/A
EPSS
1.25%
Published
Dec 5, 2012
Modified
Apr 28, 2026
Public PoC / Exploit
All weaponized →No public PoC or exploit code indexed for this CVE.
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.
Weaknesses (CWE)
Affected Products (13)
References (8)
