5 matches found
CVE-2022-22969
Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the...
Security Bulletin: Spring Security OAuth Affects IBM Partner Engagement Manager (CVE-2022-22969)
Summary IBM Sterling Partner Engagement Manager uses Spring Security OAuth that is vulnerable to a denial of service, caused by initiation of the Authorization Request in an OAuth 2.0 Client application. By sending multiple specially-crafted requests, a remote attacker could exploit this...
cn.infrabase:infrabase-platform-passport (=0.0.1), cn.itlym:shoulder-starter-auth-server (=0.6) +263 more potentially affected by CVE-2022-22969 via org.springframework.security.oauth:spring-security-oauth2 (>=2.5.0.RELEASE <=2.5.1.RELEASE)
org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.5.0.RELEASE, =1.1.0, =1.1.0, =1.129.9, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =3.2.1.RELEASE, =5.0.0, =1.4.11, =1.4.11, =1.5.7 and more Source cves: CVE-2022-22969 Source advisory: OSV:GHSA-C2CP-3XJ9-97W9...
com.atlassian.connect:atlassian-connect-spring-boot-api (>=2.0.2 <=2.0.7), com.atlassian.connect:atlassian-connect-spring-boot-core (>=2.0.2 <=2.0.7) +35 more potentially affected by CVE-2022-22969 via org.springframework.security.oauth:spring-security-oauth2 (>=2.4.0.RELEASE <=2.4.1.RELEASE)
org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.4.0.RELEASE, =2.0.2, =2.0.2, =2.0.2, =2.0.2, =0.0.5, =0.0.5, =0.0.5, =5.0.0, =5.0.0, =4.59.5, =1.0.10.RELEASE, =1.0.10.RELEASE, =1.0.10.RELEASE, =1.73.8, =1.106.2 and more Source cves: CVE-2022-22969 Source advisory:...
CVE-2022-22969
CVE-2022-22969 affects Spring Security OAuth (spring-security-oauth2) 2.5.x before 2.5.2 and older unsupported releases. The DoS arises when an attacker initiates multiple OAuth 2.0 Authorization Code Grant authorization requests in a client application, exhausting resources per session. Affected...