Vulnerabilities > Vmware > Spring Security > 5.2.5

DATE CVE VULNERABILITY TITLE RISK
2022-05-19 CVE-2022-22976 Integer Overflow or Wraparound vulnerability in multiple products
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability.
network
low complexity
vmware oracle netapp CWE-190
5.3
5.3
2022-05-19 CVE-2022-22978 Incorrect Authorization vulnerability in multiple products
In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers.
network
low complexity
vmware oracle netapp CWE-863
critical
 9.8
9.8
2021-06-29 CVE-2021-22119 Incorrect Authorization vulnerability in multiple products
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application.
network
low complexity
vmware oracle CWE-863
7.5
7.5