Lucene search
+L

193 matches found

Prion
Prion
added 2019/06/19 10:15 p.m.14 views

Authorization

OAuth 2.0 Authorization Server of ForgeRock Access Management OpenAM 13.5.0-13.5.1 and Access Management AM 5.0.0-5.1.1 does not correctly validate redirecturi for some invalid requests, which allows attackers to perform phishing via an unvalidated redirect...

5.8CVSS6.3AI score0.00794EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2019/06/19 10:15 p.m.16 views

Cross site scripting

Auth 2.0 Authorization Server of ForgeRock Access Management OpenAM 13.5.0-13.5.1 and Access Management AM 5.0.0-5.1.1 does not correctly validate redirecturi for some invalid requests, which allows attackers to execute a script in the user's browser via reflected XSS...

4.3CVSS6.4AI score0.00793EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2019/06/19 9:22 p.m.18 views

CVE-2017-14395

Auth 2.0 Authorization Server of ForgeRock Access Management OpenAM 13.5.0-13.5.1 and Access Management AM 5.0.0-5.1.1 does not correctly validate redirecturi for some invalid requests, which allows attackers to execute a script in the user's browser via reflected XSS...

6.4AI score0.00793EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/06/19 9:22 p.m.17 views

CVE-2017-14394

OAuth 2.0 Authorization Server of ForgeRock Access Management OpenAM 13.5.0-13.5.1 and Access Management AM 5.0.0-5.1.1 does not correctly validate redirecturi for some invalid requests, which allows attackers to perform phishing via an unvalidated redirect...

6.4AI score0.00794EPSS
Exploits0References1
CVE
CVE
added 2019/06/19 9:22 p.m.139 views

CVE-2017-14394

The CVE-2017-14394 affects ForgeRock OpenAM (OAuth 2.0 Authorization Server) versions 13.5.0–13.5.1 and Access Management (AM) 5.0.0–5.1.1. The issue is improper validation of redirect_uri for certain invalid requests, enabling phishing via an unvalidated redirect. The provided documents do not s...

6.1CVSS6.3AI score0.00794EPSS
Exploits0References1Affected Software2
exploitpack
exploitpack
added 2019/06/17 12:0 a.m.127 views

Spring Security OAuth - Open Redirector

Spring Security OAuth - Open Redirector Exploit Title: Open Redirector in spring-security-oauth2 Date: 17 June 2019 Exploit Author: Riemann Vendor Homepage: https://spring.io/projects/spring-security-oauth Software Link: https://spring.io Version: Spring Security OAuth versions 2.3 prior to 2.3.6...

6.4CVSS0.15621EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2019/04/04 1:19 a.m.36 views

CVE-2019-3778

Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to th...

6.5CVSS2.5AI score0.15621EPSS
Exploits4References2
OSV
OSV
added 2019/03/14 3:39 p.m.26 views

GHSA-77RV-6VFW-X4GC spring-security-oauth and spring-security-oauth2 Open Redirect vulnerability

Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to th...

6.5CVSS6.4AI score0.15621EPSS
Exploits4References6
Github Security Blog
Github Security Blog
added 2019/03/14 3:39 p.m.64 views

spring-security-oauth and spring-security-oauth2 Open Redirect vulnerability

Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to th...

6.5CVSS10AI score0.15621EPSS
Exploits4References6Affected Software2
Cvelist
Cvelist
added 2019/03/07 7:0 p.m.43 views

CVE-2019-3778 Open Redirect in spring-security-oauth2

Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to th...

6.5AI score0.15621EPSS
Exploits4References4
CVE
CVE
added 2019/03/07 7:0 p.m.129 views

CVE-2019-3778

The CVE-2019-3778 entry concerns an open redirect vulnerability in Spring Security OAuth where an attacker can abuse the redirect_uri parameter at the authorization endpoint to redirect a user-agent to an attacker-controlled URI, leaking the authorization code. Affected are older Spring Security ...

6.5CVSS6.4AI score0.15621EPSS
Exploits4References4Affected Software1
NVD
NVD
added 2019/03/07 6:29 p.m.33 views

CVE-2019-3778

Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to th...

6.5CVSS6.2AI score0.15621EPSS
Exploits4References4
Prion
Prion
added 2019/03/07 6:29 p.m.27 views

Authorization

Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to th...

6.4CVSS6.4AI score0.15621EPSS
Exploits4References4Affected Software2
OSV
OSV
added 2019/03/07 6:29 p.m.28 views

CVE-2019-3778

Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to th...

6.5CVSS6.4AI score0.15621EPSS
Exploits4References4
Veracode
Veracode
added 2019/02/22 1:55 a.m.41 views

Open Redirection

spring-security-oauth2 is vulnerable to open redirection. A lack of validation on the redirecturi parameter allows an attacker to manipulate the redirect URI by sending a malicious request to the authorization endpoint using the authorization code grant type and cause the authorization server to...

6.5CVSS6.6AI score0.15621EPSS
Exploits4References5Affected Software1
OSV
OSV
added 2018/12/28 3:29 p.m.2 views

CVE-2018-15335

When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server. In certain cases when communication between the BIG-IP APM and the OAuth authorization server is lost, APM may not display the intended message in the failur...

5.9CVSS5.8AI score
Exploits0References2
Prion
Prion
added 2018/12/28 3:29 p.m.29 views

Authorization

When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server. In certain cases when communication between the BIG-IP APM and the OAuth authorization server is lost, APM may not display the intended message in the failur...

4.3CVSS5.7AI score0.01427EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2018/10/25 12:49 p.m.41 views

CVE-2018-15758

Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...

9.6CVSS1.6AI score0.02153EPSS
Exploits0References2
OSV
OSV
added 2018/10/19 10:0 p.m.32 views

GHSA-H8W4-QV99-F7VJ Authorization bypass in org.springframework.security.oauth:spring-security-oauth2

Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...

8.1CVSS8.8AI score0.02153EPSS
Exploits0References9
NVD
NVD
added 2018/10/18 10:29 p.m.37 views

CVE-2018-15758

Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...

9.6CVSS9.4AI score0.02153EPSS
Exploits0References3
Rows per page
Query Builder