Skip to main content

Spring Security Oauth

6 CVEs product

Monthly

CVE-2022-22969 Maven MEDIUM PATCH This Month

<Issue Description> Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Java Information Disclosure Spring Security Oauth Communications Design Studio
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-11269 Maven MEDIUM POC PATCH This Month

Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Open Redirect Spring Security Oauth Banking Corporate Lending
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
8.9%
CVE-2019-3778 Maven MEDIUM POC PATCH THREAT This Month

Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Open Redirect Spring Security Oauth Banking Corporate Lending
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
15.6%
CVE-2018-15758 Maven HIGH PATCH This Week

Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Privilege Escalation Spring Security Oauth
NVD
CVSS 3.0
8.1
EPSS
2.2%
CVE-2018-1260 Maven CRITICAL PATCH Act Now

Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Code Injection RCE Spring Security Oauth
NVD
CVSS 3.0
9.8
EPSS
8.4%
CVE-2016-4977 Maven HIGH POC PATCH THREAT Act Now

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 93.7%.

RCE Java Spring Security Oauth
NVD
CVSS 3.0
8.8
EPSS
93.7%
Threat
6.1
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

<Issue Description> Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Java Information Disclosure Spring Security Oauth +1
NVD
EPSS 9% CVSS 5.4
MEDIUM POC PATCH This Month

Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Open Redirect Spring Security Oauth +1
NVD Exploit-DB
EPSS 16% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Open Redirect Spring Security Oauth +1
NVD Exploit-DB
EPSS 2% CVSS 8.1
HIGH PATCH This Week

Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Privilege Escalation Spring Security Oauth
NVD
EPSS 8% CVSS 9.8
CRITICAL PATCH Act Now

Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Code Injection RCE +1
NVD
EPSS 94% 6.1 CVSS 8.8
HIGH POC PATCH THREAT Act Now

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 93.7%.

RCE Java Spring Security Oauth
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy