Lucene search

PRIOn knowledge basePRION:CVE-2021-22112

HistoryFeb 23, 2021 - 7:15 p.m.

Authentication flaw

2021-02-2319:15:00

PRIOn knowledge base

www.prio-n.com

8.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.8%

JSON

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application’s intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.

CPENameOperatorVersion
communications_element_managerge8.2.0
communications_element_managerle8.2.4.0
communications_interactive_session_recordereq6.3
communications_interactive_session_recordereq6.4
communications_unified_inventory_managementeq7.4.1
hospitality_cruise_shipboard_property_management_systemeq20.1.0
insurance_policy_administrationeq11.3.0
insurance_policy_administrationeq11.2.0
mysql_enterprise_monitorle8.0.25
spring_securityge5.3.0

Name	Operator	Version
communications_element_manager	ge	8.2.0
communications_element_manager	le	8.2.4.0
communications_interactive_session_recorder	eq	6.3
communications_interactive_session_recorder	eq	6.4
communications_unified_inventory_management	eq	7.4.1
hospitality_cruise_shipboard_property_management_system	eq	20.1.0
insurance_policy_administration	eq	11.3.0
insurance_policy_administration	eq	11.2.0
mysql_enterprise_monitor	le	8.0.25
spring_security	ge	5.3.0

Rows per page:

1-10 of 141

References

www.openwall.com/lists/oss-security/2021/02/19/7

lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E

lists.apache.org/thread.html/r2cb05e499807900ba23e539643eead9c5f0652fd271f223f89da1804@%3Cpluto-scm.portals.apache.org%3E

lists.apache.org/thread.html/r37423ec7eea340e92a409452c35b649dce02fdc467f0b3f52086c177@%3Cpluto-dev.portals.apache.org%3E

lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E

lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E

lists.apache.org/thread.html/r413e380088c427f56102968df89ef2f336473e1b56b7d4b3a571a378@%3Cpluto-dev.portals.apache.org%3E

lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E

lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E

lists.apache.org/thread.html/ra6389b1b82108a3b6bbcd22979f7665fd437c2a3408c9509a15a9ca1@%3Cpluto-dev.portals.apache.org%3E

lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c128e60d2002cd9b@%3Cissues.nifi.apache.org%3E

tanzu.vmware.com/security/cve-2021-22112

www.oracle.com//security-alerts/cpujul2021.html

www.oracle.com/security-alerts/cpuApr2021.html

www.oracle.com/security-alerts/cpuoct2021.html