Information from NEC Corporation

Vulnerability ID:JVN#15643848
Title:Spring Security and Spring Framework vulnerable to authentication bypass
Status:Vulnerable, investigating

This is a statement from the vendor itself with no modification by JPCERT/CC.