Lucene search
+L

11 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/06/27 11:5 a.m.45 views

Security Bulletin: Vulnerability in Spring Security affects IBM Process Mining . CVE-2021-22119

Summary There is a vulnerability in Spring Security that could allow a remote attacker to execute a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2021-2211...

7.5CVSS7.8AI score0.06001EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.103 views

K62444703: Multiple MySQL vulnerabilities CVE-2022-21455 and CVE-2022-21509

Security Advisory Description CVE-2022-21455 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

5.5CVSS5.5AI score0.01503EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 3:46 a.m.4 views

SUSE CVE-2021-22119

Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker c...

7.5CVSS6.4AI score0.06001EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/20 12:0 a.m.57 views

JVN#15317878: Spring Security OAuth (spring-security-oauth2) vulnerable to denial-of-service (DoS)

Spring Security OAuth spring-security-oauth2 provided by VMware, Inc. contains a denial-of-service vulnerability due to uncontrolled resource consumption CWE-400. Note that Spring Security OAuth spring-security-oauth2 is no longer supported, therefore Spring Security has been developed as the...

7.5CVSS6.7AI score0.06001EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/07/02 6:33 p.m.6 views

cc.vihackerframework:vihacker-auth-starter (>=1.0.4.R <=1.0.6.R), cc.vihackerframework:vihacker-common-starter (>=1.0.4.R <=1.0.6.R) +605 more potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-core (=5.5.0)

org.springframework.security:spring-security-core MAVEN version =5.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.security:spring-security-core and may be impacted: - cc.vihackerframework:vihacker-auth-starter =1.0.4.R, =1.0.4....

7.5CVSS6.8AI score0.06001EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/07/02 6:33 p.m.7 views

com.c4-soft.springaddons:spring-security-test-oauth2-addons (=1.0.0), com.epam.reportportal:service-authorization (=5.0.0) +18 more potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-oauth2-client (=5.2.0.RELEASE)

org.springframework.security:spring-security-oauth2-client MAVEN version =5.2.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.security:spring-security-oauth2-client and may be impacted: -...

7.5CVSS6.8AI score0.06001EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/07/02 6:33 p.m.8 views

com.azure.spring:azure-spring-boot-starter-active-directory-b2c (>=3.3.0 <=3.5.0), com.backbase.oss:scdf-maven-plugin (=0.2.0) +114 more potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-oauth2-client (>=5.4.0 <=5.4.6)

org.springframework.security:spring-security-oauth2-client MAVEN version =5.4.0, =3.3.0, =2.4.1, =1.12, =1.18.1, =1.12, =1.12, =1.12, =1.12.1, =0.1.0-beta.6, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5...

7.5CVSS6.8AI score0.06001EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/07/02 6:33 p.m.6 views

ai.ylyue:yue-library-auth-client (>=j8.2.4.0 <=j11.2.4.0), ai.ylyue:yue-library-auth-service (>=j8.2.4.0 <=j11.2.4.0) +1439 more potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-core (>=5.4.0 <=5.4.6)

org.springframework.security:spring-security-core MAVEN version =5.4.0, =j8.2.4.0, =j8.2.4.0, =0.1.0-alpha, =0.1.0-alpha, =2.0.3, =2.0.3, =2.0.3, =1.0.0, =0.0.1, =8.1.0.371, =8.1.0.304, =8.1.0.578.187 and more Source cves: CVE-2021-22119 Source advisory: OSV:GHSA-W9JG-GVGR-354M...

7.5CVSS6.8AI score0.06001EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/07/02 6:33 p.m.7 views

com.buession.cas:buession-cas-core (>=1.1.1 <=1.1.2), com.buession.cas:buession-cas-metrics (>=1.1.1 <=1.1.2) +65 more potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-core (=5.3.0.RELEASE)

org.springframework.security:spring-security-core MAVEN version =5.3.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.security:spring-security-core and may be impacted: - com.buession.cas:buession-cas-core =1.1.1, =1.1.1,...

7.5CVSS6.8AI score0.06001EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/07/02 6:33 p.m.7 views

com.azure.spring:azure-spring-boot-starter-active-directory-b2c (=3.6.0), com.okta.idx.sdk:okta-idx-java-embedded-sign-in-widget (>=0.1.0-beta.8 <=1.0.0) +18 more potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-oauth2-client (=5.5.0)

org.springframework.security:spring-security-oauth2-client MAVEN version =5.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.security:spring-security-oauth2-client and may be impacted: -...

7.5CVSS6.8AI score0.06001EPSS
Exploits0
CVE
CVE
added 2021/06/29 4:15 p.m.186 views

CVE-2021-22119

CVE-2021-22119 affects Spring Security: DoS via initiation of OAuth 2.0 Authorization Requests in Web and WebFlux clients. Affected versions include 5.5.x before 5.5.1, 5.4.x before 5.4.7, 5.3.x before 5.3.10, and 5.2.x before 5.2.11. Impact is denial of service (resource exhaustion) with a singl...

7.5CVSS7.4AI score0.06001EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder