Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:42 a.m.12 views

CVE-2022-22969

Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the...

6.5CVSS6.8AI score0.01234EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/22 7:15 p.m.86 views

Security Bulletin: Spring Security OAuth Affects IBM Partner Engagement Manager (CVE-2022-22969)

Summary IBM Sterling Partner Engagement Manager uses Spring Security OAuth that is vulnerable to a denial of service, caused by initiation of the Authorization Request in an OAuth 2.0 Client application. By sending multiple specially-crafted requests, a remote attacker could exploit this...

6.5CVSS6.5AI score0.01234EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2022/04/22 12:0 a.m.5 views

cn.infrabase:infrabase-platform-passport (=0.0.1), cn.itlym:shoulder-starter-auth-server (=0.6) +263 more potentially affected by CVE-2022-22969 via org.springframework.security.oauth:spring-security-oauth2 (>=2.5.0.RELEASE <=2.5.1.RELEASE)

org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.5.0.RELEASE, =1.1.0, =1.1.0, =1.129.9, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =3.2.1.RELEASE, =5.0.0, =1.4.11, =1.4.11, =1.5.7 and more Source cves: CVE-2022-22969 Source advisory: OSV:GHSA-C2CP-3XJ9-97W9...

6.5CVSS6.5AI score0.01234EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/04/22 12:0 a.m.4 views

com.atlassian.connect:atlassian-connect-spring-boot-api (>=2.0.2 <=2.0.7), com.atlassian.connect:atlassian-connect-spring-boot-core (>=2.0.2 <=2.0.7) +35 more potentially affected by CVE-2022-22969 via org.springframework.security.oauth:spring-security-oauth2 (>=2.4.0.RELEASE <=2.4.1.RELEASE)

org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.4.0.RELEASE, =2.0.2, =2.0.2, =2.0.2, =2.0.2, =0.0.5, =0.0.5, =0.0.5, =5.0.0, =5.0.0, =4.59.5, =1.0.10.RELEASE, =1.0.10.RELEASE, =1.0.10.RELEASE, =1.73.8, =1.106.2 and more Source cves: CVE-2022-22969 Source advisory:...

6.5CVSS6.3AI score0.01234EPSS
Exploits0
CVE
CVE
added 2022/04/21 6:16 p.m.778 views

CVE-2022-22969

CVE-2022-22969 affects Spring Security OAuth (spring-security-oauth2) 2.5.x before 2.5.2 and older unsupported releases. The DoS arises when an attacker initiates multiple OAuth 2.0 Authorization Code Grant authorization requests in a client application, exhausting resources per session. Affected...

6.5CVSS6.5AI score0.01234EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder