CVE-2022-22969

Published: Apr 21, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

<Issue Description> Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session. This vulnerability exposes OAuth 2.0 Client applications only.

Affected (3)

Products: Pivotal: Spring Security Oauth · Oracle: Communications Design Studio

1 product

Spring Security Oauth

1 product

Communications Design Studio

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Pivotal Spring Security Oauth	From 2.4.0 to 2.4.2
Pivotal Spring Security Oauth	From 2.5.0 to 2.5.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Communications Design Studio	Version 7.4.2

References (4)

https://tanzu.vmware.com/security/cve-2022-22969

Source: security@vmware.com

Vendor Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Source: security@vmware.com

PatchThird Party Advisory

https://tanzu.vmware.com/security/cve-2022-22969

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.