BDU:2021-00718
BDU
Medium · Confirmed · Exploit available

A vulnerability in the OAuth component of Spring Security, a Java framework for securing enterprise applications, is related to the redirection of a U…

CVSS
6.5
Medium
EPSS
0.00
p0
Published
2021-01-01
Updated
2021-01-01
Description

A vulnerability in the OAuth component of Spring Security, a Java framework for securing enterprise applications, is related to URL redirection to an untrusted site. Exploitation of the vulnerability may allow a remote attacker to escalate privileges and gain unauthorized access to protected information.

Tags · CWE
Pre-auth
Affected products
Broadcom inc. Spring security
Broadcom inc. Spring security
Broadcom inc. Spring security
Broadcom inc. Spring security
Oracle corp. Oracle banking corporate lending process management
Oracle corp. Oracle banking corporate lending process management
Oracle corp. Oracle banking corporate lending process management
Oracle corp. Oracle banking credit facilities process management
Oracle corp. Oracle banking credit facilities process management
Oracle corp. Oracle banking credit facilities process management
Oracle corp. Oracle banking liquidity management
Oracle corp. Oracle banking payments
Oracle corp. Oracle banking supply chain finance
Oracle corp. Oracle banking trade finance process management
Oracle corp. Oracle banking trade finance process management
Oracle corp. Oracle banking trade finance process management
Oracle corp. Oracle banking virtual account management
Oracle corp. Oracle banking virtual account management
Oracle corp. Oracle banking virtual account management
Oracle corp. Oracle flexcube universal banking
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Timeline
2021-01-01
Published
2021-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: L
Low (L)
Integrity Impact
I: L
Low (L)
Availability Impact
A: N
None (N)
Exploit indicators
EPSS
0.000 · p0
Known exploited (KEV)
No
Known exploits · Scaner-VS
47000
exploitdb · https://www.exploit-db.com/exploits/47000
Enterprise
CVE-2019-3778
github-poc · https://github.com/BBB-man/CVE-2019-3778-Spring-Security-OAuth-2.3-Open-Redirection
Enterprise
Affected products
Product | Vendor | Status
spring security | broadcom inc. | Tracked
spring security | broadcom inc. | Tracked
spring security | broadcom inc. | Tracked
spring security | broadcom inc. | Tracked
oracle banking corporate lending process management | oracle corp. | Tracked
oracle banking corporate lending process management | oracle corp. | Tracked
oracle banking corporate lending process management | oracle corp. | Tracked
oracle banking credit facilities process management | oracle corp. | Tracked
oracle banking credit facilities process management | oracle corp. | Tracked
oracle banking credit facilities process management | oracle corp. | Tracked
oracle banking liquidity management | oracle corp. | Tracked
oracle banking payments | oracle corp. | Tracked
oracle banking supply chain finance | oracle corp. | Tracked
oracle banking trade finance process management | oracle corp. | Tracked
oracle banking trade finance process management | oracle corp. | Tracked
oracle banking trade finance process management | oracle corp. | Tracked
oracle banking virtual account management | oracle corp. | Tracked
oracle banking virtual account management | oracle corp. | Tracked
oracle banking virtual account management | oracle corp. | Tracked
oracle flexcube universal banking | oracle corp. | Tracked