admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-221xx/CVE-2021-22119.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

213 lines
7.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-22119",
"sourceIdentifier": "security@vmware.com",
"published": "2021-06-29T17:15:08.143",
"lastModified": "2022-07-25T18:15:37.580",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions."
},
{
"lang": "es",
"value": "Spring Security versiones 5.5.x anteriores a 5.5.1, versiones 5.4.x anteriores a 5.4.7, versiones 5.3.x anteriores a 5.3.10 y versiones 5.2.x anteriores a 5.2.11 son susceptibles a un ataque de Denegaci\u00f3n de Servicio (DoS) por medio de la iniciaci\u00f3n de la Petici\u00f3n de Autorizaci\u00f3n en una Aplicaci\u00f3n OAuth versi\u00f3n 2.0 Client Web y WebFlux. Un usuario o atacante malicioso puede enviar m\u00faltiples peticiones iniciando la Petici\u00f3n de Autorizaci\u00f3n para la Concesi\u00f3n del C\u00f3digo de Autorizaci\u00f3n, lo que tiene el potencial de agotar los recursos del sistema usando una sola sesi\u00f3n o m\u00faltiples sesiones"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
},
{
"source": "security@vmware.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.2.0",
"versionEndExcluding": "5.2.11",
"matchCriteriaId": "7F4283E2-4BE8-4B46-8C91-892808E810B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.3.0",
"versionEndExcluding": "5.3.10",
"matchCriteriaId": "99C6ED9C-0BB3-484A-A1C1-EC4BA3957552"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.0",
"versionEndExcluding": "5.4.7",
"matchCriteriaId": "5988044D-1835-43E3-B938-B28496FD8370"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5.0",
"versionEndExcluding": "5.5.1",
"matchCriteriaId": "23388D2A-9B3C-45F2-B10E-042DEF1B9888"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4479F76A-4B67-41CC-98C7-C76B81050F8E"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread.html/r08a449010786e0bcffa4b5781b04fcb55d6eafa62cb79b8347680aad@%3Cissues.nifi.apache.org%3E",
"source": "security@vmware.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E",
"source": "security@vmware.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E",
"source": "security@vmware.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E",
"source": "security@vmware.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E",
"source": "security@vmware.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E",
"source": "security@vmware.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://tanzu.vmware.com/security/cve-2021-22119",
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html",
"source": "security@vmware.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
"source": "security@vmware.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink