pivotalsoftware spring-security CVE-2021-22112 vulnerability in Pivotal Software and Other Products
Published on February 23, 2021

product logo product logo product logo
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.

NVD


Products Associated with CVE-2021-22112

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-22112 are published in these products:

Pivotal Software Spring Security
 
VMware Spring Security
 
Oracle Communications Interactive Session Recorder
 
Oracle Hospitality Cruise Shipboard Property Management System
 
Oracle Communications Unified Inventory Management
 
Oracle Insurance Policy Administration
 
Oracle Communications Element Manager
 
Oracle Mysql Enterprise Monitor
 

Exploit Probability

EPSS
0.98%
Percentile
76.41%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.