Vulnerabilities > Pivotal Software > Spring Security > 5.3.1

DATE CVE VULNERABILITY TITLE RISK
2021-02-23 CVE-2021-22112 Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in).
network
low complexity
vmware pivotal-software oracle
8.8
8.8
2020-05-14 CVE-2020-5408 Use of Insufficiently Random Values vulnerability in multiple products
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor.
network
low complexity
pivotal-software vmware CWE-330
6.5
6.5
2020-05-13 CVE-2020-5407 Improper Verification of Cryptographic Signature vulnerability in Pivotal Software Spring Security
Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation.
network
low complexity
pivotal-software CWE-347
8.8
8.8