vmware spring-security CVE-2021-22119 in VMware and Oracle Products
Published on June 29, 2021

product logo product logo
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions.

NVD

Weakness Type

What is a Resource Exhaustion Vulnerability?

The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVE-2021-22119 has been classified to as a Resource Exhaustion vulnerability or weakness.


Products Associated with CVE-2021-22119

stack.watch emails you whenever new vulnerabilities are published in VMware Spring Security or Oracle Communications Cloud Native Core Policy. Just hit a watch button to start following.

VMware Spring Security
 
Oracle Communications Cloud Native Core Policy
 

Exploit Probability

EPSS
4.90%
Percentile
89.44%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.