Vulnerabilities > CVE-2022-22969

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

pivotal

oracle

NVD

Published: 2022-04-21

Updated: 2023-08-08

Summary

<Issue Description> Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session. This vulnerability exposes OAuth 2.0 Client applications only.

Vulnerable Configurations

Part	Description	Count
Application	Pivotal Pivotal Spring Security Oauth *	1
Application	Oracle Oracle Communications Design Studio 7.4.2	1

References

https://tanzu.vmware.com/security/cve-2022-22969
https://www.oracle.com/security-alerts/cpujul2022.html

Vulnerabilities > CVE-2022-22969 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2022-22969"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2022-22969