11 matches found
Security Bulletin: Vulnerability in Spring Security affects IBM Process Mining . CVE-2021-22119
Summary There is a vulnerability in Spring Security that could allow a remote attacker to execute a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2021-2211...
K62444703: Multiple MySQL vulnerabilities CVE-2022-21455 and CVE-2022-21509
Security Advisory Description CVE-2022-21455 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
SUSE CVE-2021-22119
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker c...
JVN#15317878: Spring Security OAuth (spring-security-oauth2) vulnerable to denial-of-service (DoS)
Spring Security OAuth spring-security-oauth2 provided by VMware, Inc. contains a denial-of-service vulnerability due to uncontrolled resource consumption CWE-400. Note that Spring Security OAuth spring-security-oauth2 is no longer supported, therefore Spring Security has been developed as the...
cc.vihackerframework:vihacker-auth-starter (>=1.0.4.R <=1.0.6.R), cc.vihackerframework:vihacker-common-starter (>=1.0.4.R <=1.0.6.R) +605 more potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-core (=5.5.0)
org.springframework.security:spring-security-core MAVEN version =5.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.security:spring-security-core and may be impacted: - cc.vihackerframework:vihacker-auth-starter =1.0.4.R, =1.0.4....
com.c4-soft.springaddons:spring-security-test-oauth2-addons (=1.0.0), com.epam.reportportal:service-authorization (=5.0.0) +18 more potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-oauth2-client (=5.2.0.RELEASE)
org.springframework.security:spring-security-oauth2-client MAVEN version =5.2.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.security:spring-security-oauth2-client and may be impacted: -...
com.azure.spring:azure-spring-boot-starter-active-directory-b2c (>=3.3.0 <=3.5.0), com.backbase.oss:scdf-maven-plugin (=0.2.0) +114 more potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-oauth2-client (>=5.4.0 <=5.4.6)
org.springframework.security:spring-security-oauth2-client MAVEN version =5.4.0, =3.3.0, =2.4.1, =1.12, =1.18.1, =1.12, =1.12, =1.12, =1.12.1, =0.1.0-beta.6, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5...
ai.ylyue:yue-library-auth-client (>=j8.2.4.0 <=j11.2.4.0), ai.ylyue:yue-library-auth-service (>=j8.2.4.0 <=j11.2.4.0) +1439 more potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-core (>=5.4.0 <=5.4.6)
org.springframework.security:spring-security-core MAVEN version =5.4.0, =j8.2.4.0, =j8.2.4.0, =0.1.0-alpha, =0.1.0-alpha, =2.0.3, =2.0.3, =2.0.3, =1.0.0, =0.0.1, =8.1.0.371, =8.1.0.304, =8.1.0.578.187 and more Source cves: CVE-2021-22119 Source advisory: OSV:GHSA-W9JG-GVGR-354M...
com.buession.cas:buession-cas-core (>=1.1.1 <=1.1.2), com.buession.cas:buession-cas-metrics (>=1.1.1 <=1.1.2) +65 more potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-core (=5.3.0.RELEASE)
org.springframework.security:spring-security-core MAVEN version =5.3.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.security:spring-security-core and may be impacted: - com.buession.cas:buession-cas-core =1.1.1, =1.1.1,...
com.azure.spring:azure-spring-boot-starter-active-directory-b2c (=3.6.0), com.okta.idx.sdk:okta-idx-java-embedded-sign-in-widget (>=0.1.0-beta.8 <=1.0.0) +18 more potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-oauth2-client (=5.5.0)
org.springframework.security:spring-security-oauth2-client MAVEN version =5.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.security:spring-security-oauth2-client and may be impacted: -...
CVE-2021-22119
CVE-2021-22119 affects Spring Security: DoS via initiation of OAuth 2.0 Authorization Requests in Web and WebFlux clients. Affected versions include 5.5.x before 5.5.1, 5.4.x before 5.4.7, 5.3.x before 5.3.10, and 5.2.x before 5.2.11. Impact is denial of service (resource exhaustion) with a singl...