Spring Boot provides actuator endpoints to monitor a Spring Boot application. If the application is configured to allow access to all Spring Boot actuators, this could result in the heap of the application being dumped, and unauthorised access impersonating a logged-in user being obtained.
An application using an in-memory H2 DBMS (e.g. bundled as part of a COTS software) may expose the H2 Management console to end users. This may result in remote attackers accessing and/or modifying data stored in the database.