54 matches found
EUVD-2019-0551
Malware in sbrugna...
CVE-2022-22969
Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the...
K10520421: Spring Security OAuth vulnerability CVE-2018-1260
Security Advisory Description: Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the...
Security Bulletin: Spring Security OAuth Affects IBM Partner Engagement Manager (CVE-2022-22969)
Summary: IBM Sterling Partner Engagement Manager uses Spring Security OAuth that is vulnerable to a denial of service, caused by initiation of the Authorization Request in an OAuth 2.0 Client application. By sending multiple specially-crafted requests, a remote attacker could exploit this...
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Log4j 1.x
Summary: IBM Data Risk Manager (IDRM) 2.0.6.13, which is the only supported version, is impacted by multiple vulnerabilities including Apache Log4j 1.x (CVE-2019-17571, CVE-2022-23305, CVE-2022-23307, CVE-2022-23302, CVE-2021-4104, CVE-2020-9488, CVE-2020-9493) which was bundled within hadoop-client...
Spring Security OAuth (spring-security-oauth2) vulnerable to denial-of-service (DoS)
Overview: Spring Security OAuth (spring-security-oauth2) provided by VMware, Inc. contains a denial-of-service vulnerability due to uncontrolled resource consumption (CWE-400). Note that Spring Security OAuth (spring-security-oauth2) is no longer supported, therefore Spring Security has been developed a...
JVN#15317878: Spring Security OAuth (spring-security-oauth2) vulnerable to denial-of-service (DoS)
Spring Security OAuth (spring-security-oauth2) provided by VMware, Inc. contains a denial-of-service vulnerability due to uncontrolled resource consumption (CWE-400). Note that Spring Security OAuth (spring-security-oauth2) is no longer supported, therefore Spring Security has been developed as the...
be.dnsbelgium:rdap-server (>=0.3.3 <=1.0.3), com.arsframework:ars-module-cms (>=1.0.0 <=1.1.4) +379 more potentially affected by CVE-2014-0097 via org.springframework.security:spring-security-core (>=3.1.0.RELEASE <=3.1.4.RELEASE)
org.springframework.security:spring-security-core MAVEN version =3.1.0.RELEASE, =0.3.3, =1.0.0, =1.0.0, =1.0.0, =1.2.1, =1.2.1, =1.3.6, =1.0.0-alpha2, =1.5, =1.0.0, =3.0.4, =3.0.5 - com.github.ptomli.bedrock:bedrock-core =1.0.0 - com.github.yongjacky:jee.borneo.miri =1.1.6 -...
CVE report published for Spring Security OAuth
We have released Spring Security OAuth 2.5.2 to address the following CVE report. CVE-2022-22969: Denial-of-Service (DoS) in spring-security-oauth2. This vulnerability exposes OAuth 2.0 Client applications only. Please review the information in the CVE report and upgrade immediately...
PT-2022-15749 · Spring · Spring Security Oauth
Name of the Vulnerable Software and Affected Versions: Spring Security OAuth versions 2.5.x prior to 2.5.2; Spring Security OAuth older unsupported versions. Description: The issue is a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. ...
spring-security-oauth: Privilege escalation by manipulating saved authorization request
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...
Important: Red Hat Security Advisory: Red Hat Fuse 7.4.0 security update
A minor version update from 7.3 to 7.4 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...
Security Bulletin: Remote code execution vulnerability (CVE-2019-11269) affects IBM Spectrum Symphony 7.2.1 and 7.2.0.2
Summary: A remote code execution vulnerability exists in the Spring Security OAuth version used by IBM Spectrum Symphony 7.2.1 and 7.2.0.2. Interim fixes that provide instructions on upgrading the Spring Security OAuth package to version 2.0.18 which resolves this vulnerability are available on IB...
Security Bulletin: Remote code execution vulnerability (CVE-2019-3778) affects IBM Spectrum Symphony 7.2.0.2 and 7.2.1
Summary: Interim fixes are needed to upgrade the Spring Security OAuth package in IBM Spectrum Symphony 7.2.0.2 and 7.2.1 to resolve the remote code execution vulnerability CVE-2019-3778. Vulnerability Details: CVE-ID: CVE-2019-3778. Description: Spring Security OAuth could allow a remote attacker t...
Spring Security OAuth - Open Redirector Vulnerability
Exploit for java platform in category web applications Exploit Title: Open Redirector in spring-security-oauth2 Exploit Author: Riemann Vendor Homepage: https://spring.io/projects/spring-security-oauth Software Link: https://spring.io Version: Spring Security OAuth versions 2.3 prior to 2.3.6...
Spring Security OAuth - Open Redirector
Exploit Title: Open Redirector in spring-security-oauth2 Date: 17 June 2019 Exploit Author: Riemann Vendor Homepage: https://spring.io/projects/spring-security-oauth Software Link: https://spring.io Version: Spring Security OAuth versions 2.3 prior to 2.3.6...
Spring Security OAuth 2.3 Open Redirection
Exploit Title: Open Redirector in spring-security-oauth2 Date: 17 June 2019 Exploit Author: Riemann Vendor Homepage: https://spring.io/projects/spring-security-oauth Software Link: https://spring.io Version: Spring Security OAuth versions 2.3 prior to 2.3.6...