CVE-2021-22112

Scores

EPSS

Score: 0.000 (severity: none)

Percentile: 0.0%

CVSS

Score: 8.8 (high, CVSS 3.x)

CVSS Score: 8.8/10

All CVSS Scores

CVSS 3.x
8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0
9.0

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Description

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request. A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.


Sources

debian, nvd

Vulnerable Software (9)

Type: Configuration

Product: jenkins

Operating System: debian

Trait:
{ "unfixed": true }

Source: debian

Type: Configuration

Vendor: oracle

Product: communications_element_manager

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",      "versionEndIncluding": "8.2.4.0",      "versionStartIncluding": "8.2.0",      "vul...

Source: nvd

Type: Configuration

Vendor: oracle

Product: communications_interactive_session_recorder

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",      "versionEndIncluding": "8.2.4.0",      "versionStartIncluding": "8.2.0",      "vul...

Source: nvd

Type: Configuration

Vendor: oracle

Product: communications_unified_inventory_management

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",      "versionEndIncluding": "8.2.4.0",      "versionStartIncluding": "8.2.0",      "vul...

Source: nvd

Type: Configuration

Vendor: oracle

Product: hospitality_cruise_shipboard_property_management_system

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",      "versionEndIncluding": "8.2.4.0",      "versionStartIncluding": "8.2.0",      "vul...

Source: nvd

Type: Configuration

Vendor: oracle

Product: insurance_policy_administration

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",      "versionEndIncluding": "8.2.4.0",      "versionStartIncluding": "8.2.0",      "vul...

Source: nvd

Type: Configuration

Vendor: oracle

Product: mysql_enterprise_monitor

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",      "versionEndIncluding": "8.2.4.0",      "versionStartIncluding": "8.2.0",      "vul...

Source: nvd

Type: Configuration

Vendor: pivotal_software

Product: spring_security

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:pivotal_software:spring_security:*:*:*:*:*:*:*:*",      "versionEndExcluding": "5.2.9",      "vulnerable": true    },    {      "cpe23uri": "...

Source: nvd

Type: Configuration

Vendor: vmware

Product: spring_security

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:pivotal_software:spring_security:*:*:*:*:*:*:*:*",      "versionEndExcluding": "5.2.9",      "vulnerable": true    },    {      "cpe23uri": "...

Source: nvd