Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM2B4A8FAD248FBDD91F4D6FA5ED2E912882C55956B39944D0CBCDB30745A4D09E
HistoryJul 04, 2019 - 3:45 a.m.

Security Bulletin: Remote code execution vulnerability (CVE-2019-11269) affects IBM Spectrum Symphony 7.2.1 and 7.2.0.2

2019-07-0403:45:01
www.ibm.com
13

0.003 Low

EPSS

Percentile

68.8%

JSON

Summary

A remote code execution vulnerability exists in the Spring Security OAuth version used by IBM Spectrum Symphony 7.2.1 and 7.2.0.2. Interim fixes that provide instructions on upgrading the Spring Security OAuth package to version 2.0.18 (which resolves this vulnerability) are available on IBM Fix Central.

Vulnerability Details

CVE-ID: CVE-2019-11269 Description: Spring Security OAuth could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using redirect_uri parameter in a specially-crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base Score: 7.4
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/162650&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)

Affected Products and Versions

IBM Spectrum Symphony 7.2.1

IBM Spectrum Symphony 7.2.0.2

Remediation/Fixes

Download the interim fixes that correspond to your product version from IBM Fix Central, then follow the steps in the accompanying readme to apply the interim fix on Linux x86_64 hosts in your cluster:

IBM Spectrum Symphony 7.2.1 (x86_64)

|

sym-7.2.1-build523774

—|—

IBM Spectrum Symphony 7.2.0.2 (x86_64)

|

sym-7.2.0.2-build523769

Workarounds and Mitigations

None.

Related

osv 2
github 1
prion 1
veracode 1
nvd 1
cvelist 1
redhatcve 1
cve 1
exploitpack 1
packetstorm 1
githubexploit 1
zdt 1
exploitdb 1
ibm 2
oracle 1
osv
osv
CVE-2019-11269
2019-06-12 15:29:00
Open Redirect in Spring Security OAuth
2019-06-13 20:18:28
github
github
Open Redirect in Spring Security OAuth
2019-06-13 20:18:28
prion
prion
Authorization
2019-06-12 15:29:00
veracode
veracode
Open Redirection
2019-05-31 05:11:43
nvd
nvd
CVE-2019-11269
2019-06-12 15:29:00
cvelist
cvelist
CVE-2019-11269 Open Redirector in spring-security-oauth2
2019-05-30 00:00:00
redhatcve
redhatcve
CVE-2019-11269
2019-05-31 08:52:34
cve
cve
CVE-2019-11269
2019-06-12 15:29:00
exploitpack
exploitpack
Spring Security OAuth - Open Redirector
2019-06-17 00:00:00
packetstorm
packetstorm
Spring Security OAuth 2.3 Open Redirection
2019-06-17 00:00:00
githubexploit
githubexploit
Exploit for Open Redirect in Pivotal Software Spring Security Oauth
2019-10-14 02:15:39
zdt
zdt
Spring Security OAuth - Open Redirector Vulnerability
2019-06-18 00:00:00
exploitdb
exploitdb
Spring Security OAuth - Open Redirector
2019-06-17 00:00:00
ibm
ibm
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
2021-04-13 20:46:06
Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)
2020-08-24 10:03:43
oracle
oracle
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00

0.003 Low

EPSS

Percentile

68.8%

JSON
Related for 2B4A8FAD248FBDD91F4D6FA5ED2E912882C55956B39944D0CBCDB30745A4D09E
osv2github1prion1veracode1nvd1cvelist1redhatcve1cve1exploitpack1packetstorm1githubexploit1zdt1exploitdb1ibm2oracle1