Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cnvdChina National Vulnerability DatabaseCNVD-2022-55217
HistoryApr 24, 2022 - 12:00 a.m.

Pivotal Spring Security Oauth Resource Management Error Vulnerability

2022-04-2400:00:00
China National Vulnerability Database
www.cnvd.org.cn
13

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

JSON

A resource management error vulnerability exists in Pivotal Spring Security OAuth, a login system from Pivotal, Inc. that provides support for adding OAuth1 and OAuth2 functionality to Spring Web applications. The vulnerability stems from improper handling of a large number of message requests. An attacker could exploit the vulnerability to launch a denial of service attack by initiating an authorization request.

Related

spring 1
veracode 1
prion 1
osv 2
cve 1
ibm 2
github 1
jvn 1
oracle 2
spring
spring
CVE report published for Spring Security OAuth
2022-04-21 09:00:00
veracode
veracode
Denial Of Service (DoS)
2022-04-22 01:30:09
prion
prion
Authorization
2022-04-21 19:15:00
osv
osv
CVE-2022-22969
2022-04-21 19:15:08
Denial of service in Spring Security OAuth2
2022-04-22 00:00:33
cve
cve
CVE-2022-22969
2022-04-21 19:15:00
ibm
ibm
Security Bulletin: Spring Security OAuth Affects IBM Partner Engagement Manager (CVE-2022-22969)
2022-09-22 19:15:13
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Log4j 1.x
2022-08-03 16:43:35
github
github
Denial of service in Spring Security OAuth2
2022-04-22 00:00:33
jvn
jvn
JVN#15317878: Spring Security OAuth (spring-security-oauth2) vulnerable to denial-of-service (DoS)
2022-05-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

JSON
Related for CNVD-2022-55217
spring1veracode1prion1osv2cve1ibm2github1jvn1oracle2