Vulnerabilities > CVE-2021-22112

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

vmware

pivotal-software

oracle

NVD

Published: 2021-02-23

Updated: 2023-11-07

Summary

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Spring Security 5.4.0 Vmware Spring Security 5.4.1 Vmware Spring Security 5.4.2 Vmware Spring Security 5.4.3	8
Application	Pivotal_Software Pivotal Software Spring Security 5.3.0 Pivotal Software Spring Security 5.3.1 Pivotal Software Spring Security 5.3.2 Pivotal Software Spring Security 5.3.3 Pivotal Software Spring Security 5.3.4 Pivotal Software Spring Security 5.3.5 Pivotal Software Spring Security 5.3.6 Pivotal Software Spring Security 5.3.7 Pivotal Software Spring Security - Pivotal Software Spring Security 3.1.0 Pivotal Software Spring Security 3.1.1 Pivotal Software Spring Security 3.1.2 Pivotal Software Spring Security 3.1.3 Pivotal Software Spring Security 3.1.4 Pivotal Software Spring Security 3.1.5 Pivotal Software Spring Security 3.2.0 Pivotal Software Spring Security 3.2.1 Pivotal Software Spring Security 3.2.2 Pivotal Software Spring Security 3.2.3 Pivotal Software Spring Security 3.2.4 Pivotal Software Spring Security 3.2.5 Pivotal Software Spring Security 3.2.6 Pivotal Software Spring Security 3.2.7 Pivotal Software Spring Security 3.2.8 Pivotal Software Spring Security 3.2.9 Pivotal Software Spring Security 3.2.10 Pivotal Software Spring Security 4.0.0 Pivotal Software Spring Security 4.0.1 Pivotal Software Spring Security 4.0.2 Pivotal Software Spring Security 4.0.3 Pivotal Software Spring Security 4.0.4 Pivotal Software Spring Security 4.1.0 Pivotal Software Spring Security 4.1.1 Pivotal Software Spring Security 4.1.2 Pivotal Software Spring Security 4.1.3 Pivotal Software Spring Security 4.1.4 Pivotal Software Spring Security 4.2.0 Pivotal Software Spring Security 4.2.1 Pivotal Software Spring Security 4.2.2 Pivotal Software Spring Security 4.2.3 Pivotal Software Spring Security 4.2.4 Pivotal Software Spring Security 4.2.5 Pivotal Software Spring Security 4.2.6 Pivotal Software Spring Security 4.2.7 Pivotal Software Spring Security 4.2.9 Pivotal Software Spring Security 4.2.10 Pivotal Software Spring Security 4.2.11 Pivotal Software Spring Security 4.2.12 Pivotal Software Spring Security 4.2.13 Pivotal Software Spring Security 4.2.14 Pivotal Software Spring Security 4.2.15 Pivotal Software Spring Security 4.2.16 Pivotal Software Spring Security 5.0.0 Pivotal Software Spring Security 5.0.1 Pivotal Software Spring Security 5.0.2 Pivotal Software Spring Security 5.0.3 Pivotal Software Spring Security 5.0.4 Pivotal Software Spring Security 5.0.5 Pivotal Software Spring Security 5.0.6 Pivotal Software Spring Security 5.0.7 Pivotal Software Spring Security 5.0.8 Pivotal Software Spring Security 5.0.9 Pivotal Software Spring Security 5.0.10 Pivotal Software Spring Security 5.0.11 Pivotal Software Spring Security 5.0.12 Pivotal Software Spring Security 5.0.13 Pivotal Software Spring Security 5.0.14 Pivotal Software Spring Security 5.0.15 Pivotal Software Spring Security 5.0.16 Pivotal Software Spring Security 5.1.0 Pivotal Software Spring Security 5.1.1 Pivotal Software Spring Security 5.1.2 Pivotal Software Spring Security 5.1.3 Pivotal Software Spring Security 5.1.4 Pivotal Software Spring Security 5.1.5 Pivotal Software Spring Security 5.1.6 Pivotal Software Spring Security 5.1.7 Pivotal Software Spring Security 5.1.8 Pivotal Software Spring Security 5.1.9 Pivotal Software Spring Security 5.1.10 Pivotal Software Spring Security 5.2.0 Pivotal Software Spring Security 5.2.1 Pivotal Software Spring Security 5.2.2 Pivotal Software Spring Security 5.2.3 Pivotal Software Spring Security 5.2.4 Pivotal Software Spring Security 5.2.5 Pivotal Software Spring Security 5.2.6 Pivotal Software Spring Security 5.2.7 Pivotal Software Spring Security 5.2.8	118
Application	Oracle Oracle Hospitality Cruise Shipboard Property Management System 20.1.0 Oracle Communications Interactive Session Recorder 6.3 Oracle Communications Interactive Session Recorder 6.4 Oracle Communications Unified Inventory Management 7.4.1 Oracle Insurance Policy Administration 11.3.0 Oracle Insurance Policy Administration 11.2.0 Oracle Communications Element Manager 8.2.0 Oracle Communications Element Manager 8.2.0.0 Oracle Communications Element Manager 8.2.1 Oracle Communications Element Manager 8.2.2 Oracle Communications Element Manager 8.2.2.1 Oracle Communications Element Manager 8.2.4.0 Oracle Mysql Enterprise Monitor - Oracle Mysql Enterprise Monitor 2.3.14 Oracle Mysql Enterprise Monitor 3.0.4 Oracle Mysql Enterprise Monitor 3.0.25 Oracle Mysql Enterprise Monitor 3.1.0 Oracle Mysql Enterprise Monitor 3.1.1 Oracle Mysql Enterprise Monitor 3.1.2 Oracle Mysql Enterprise Monitor 3.1.3 Oracle Mysql Enterprise Monitor 3.1.3.7856 Oracle Mysql Enterprise Monitor 3.1.4 Oracle Mysql Enterprise Monitor 3.1.5 Oracle Mysql Enterprise Monitor 3.1.6 Oracle Mysql Enterprise Monitor 3.1.6.8003 Oracle Mysql Enterprise Monitor 3.1.7 Oracle Mysql Enterprise Monitor 3.2.0 Oracle Mysql Enterprise Monitor 3.2.1 Oracle Mysql Enterprise Monitor 3.2.2 Oracle Mysql Enterprise Monitor 3.2.3 Oracle Mysql Enterprise Monitor 3.2.4 Oracle Mysql Enterprise Monitor 3.2.5 Oracle Mysql Enterprise Monitor 3.2.6 Oracle Mysql Enterprise Monitor 3.2.7 Oracle Mysql Enterprise Monitor 3.2.8 Oracle Mysql Enterprise Monitor 3.2.8.2223 Oracle Mysql Enterprise Monitor 3.2.9 Oracle Mysql Enterprise Monitor 3.2.10 Oracle Mysql Enterprise Monitor 3.2.1182 Oracle Mysql Enterprise Monitor 3.3.0 Oracle Mysql Enterprise Monitor 3.3.1 Oracle Mysql Enterprise Monitor 3.3.2 Oracle Mysql Enterprise Monitor 3.3.2.1162 Oracle Mysql Enterprise Monitor 3.3.3 Oracle Mysql Enterprise Monitor 3.3.4 Oracle Mysql Enterprise Monitor 3.3.4.3247 Oracle Mysql Enterprise Monitor 3.3.5 Oracle Mysql Enterprise Monitor 3.3.6 Oracle Mysql Enterprise Monitor 3.3.7 Oracle Mysql Enterprise Monitor 3.3.8 Oracle Mysql Enterprise Monitor 3.3.9 Oracle Mysql Enterprise Monitor 3.4.0 Oracle Mysql Enterprise Monitor 3.4.1 Oracle Mysql Enterprise Monitor 3.4.2 Oracle Mysql Enterprise Monitor 3.4.2.4181 Oracle Mysql Enterprise Monitor 3.4.3 Oracle Mysql Enterprise Monitor 3.4.4 Oracle Mysql Enterprise Monitor 3.4.5 Oracle Mysql Enterprise Monitor 3.4.6 Oracle Mysql Enterprise Monitor 3.4.7 Oracle Mysql Enterprise Monitor 3.4.7.4297 Oracle Mysql Enterprise Monitor 3.4.8 Oracle Mysql Enterprise Monitor 3.4.9 Oracle Mysql Enterprise Monitor 3.4.9.4237 Oracle Mysql Enterprise Monitor 3.4.10 Oracle Mysql Enterprise Monitor 4.0.0 Oracle Mysql Enterprise Monitor 4.0.1 Oracle Mysql Enterprise Monitor 4.0.2 Oracle Mysql Enterprise Monitor 4.0.3 Oracle Mysql Enterprise Monitor 4.0.4 Oracle Mysql Enterprise Monitor 4.0.4.5235 Oracle Mysql Enterprise Monitor 4.0.5 Oracle Mysql Enterprise Monitor 4.0.6 Oracle Mysql Enterprise Monitor 4.0.6.5281 Oracle Mysql Enterprise Monitor 4.0.7 Oracle Mysql Enterprise Monitor 4.0.8 Oracle Mysql Enterprise Monitor 4.0.11.5331 Oracle Mysql Enterprise Monitor 4.0.12 Oracle Mysql Enterprise Monitor 4.1 Oracle Mysql Enterprise Monitor 8.0.0 Oracle Mysql Enterprise Monitor 8.0.0.8131 Oracle Mysql Enterprise Monitor 8.0.1 Oracle Mysql Enterprise Monitor 8.0.2 Oracle Mysql Enterprise Monitor 8.0.2.8191 Oracle Mysql Enterprise Monitor 8.0.3 Oracle Mysql Enterprise Monitor 8.0.14 Oracle Mysql Enterprise Monitor 8.0.18.1217 Oracle Mysql Enterprise Monitor 8.0.20 Oracle Mysql Enterprise Monitor 8.0.21 Oracle Mysql Enterprise Monitor 8.0.22 Oracle Mysql Enterprise Monitor 8.0.23 Oracle Mysql Enterprise Monitor 8.0.25	92

Vulnerabilities > CVE-2021-22112 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2021-22112"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2021-22112