6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
Spring Security OAuth is vulnerable to denial of service. The vulnerability exists due to a lack of restriction of the number of request initiating the Authorization Request for the Authorization Code Grant allowing an attacker to exhaust the system resources sending multiple requests with a single session.
github.com/spring-projects/spring-security-oauth/commit/2b58aafecac336e82f20ea43da9b208b0a4a40dd
github.com/spring-projects/spring-security-oauth/commit/3379a36e64c13e4118c7e179f3a874a64de5f5a2
github.com/spring-projects/spring-security-oauth/commit/e96d2c738757146234c7e8a1962a7a755776b512
github.com/spring-projects/spring-security-oauth/issues/142
spring.io/blog/2022/04/21/cve-report-published-for-spring-security-oauth
tanzu.vmware.com/security/cve-2022-22969
www.oracle.com/security-alerts/cpujul2022.html
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P