Vulnerabilities > CVE-2021-22119 - Incorrect Authorization vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

vmware

oracle

CWE-863

NVD

Published: 2021-06-29

Updated: 2023-11-07

Summary

Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Spring Security 5.5.0 Vmware Spring Security 5.4.0 Vmware Spring Security 5.4.1 Vmware Spring Security 5.4.2 Vmware Spring Security 5.4.3 Vmware Spring Security 5.4.4 Vmware Spring Security 5.4.5 Vmware Spring Security 5.4.6 Vmware Spring Security 5.2.0 Vmware Spring Security 5.2.1 Vmware Spring Security 5.2.2 Vmware Spring Security 5.2.3 Vmware Spring Security 5.2.4 Vmware Spring Security 5.2.5 Vmware Spring Security 5.2.6 Vmware Spring Security 5.2.7 Vmware Spring Security 5.2.8 Vmware Spring Security 5.2.9 Vmware Spring Security 5.2.10 Vmware Spring Security 5.3.0 Vmware Spring Security 5.3.1 Vmware Spring Security 5.3.2 Vmware Spring Security 5.3.3 Vmware Spring Security 5.3.4 Vmware Spring Security 5.3.5 Vmware Spring Security 5.3.6 Vmware Spring Security 5.3.7 Vmware Spring Security 5.3.8 Vmware Spring Security 5.3.9	45
Application	Oracle Oracle Communications Cloud Native Core Policy 1.14.0	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References