CVE-2022-22969 in Pivotal and Oracle Products
Published on April 21, 2022
Issue Description
Spring Security OAuth versions 2.5.x prior to 2.5.2, and older unsupported versions, are susceptible to a Denial-of-Service (DoS) attack through the initiation of the Authorization Request in an OAuth 2.0 Client application. An attacker can repeatedly send requests that initiate the Authorization Request for the Authorization Code Grant, and because each initiation holds server-side state, a single session can exhaust system resources. Only OAuth 2.0 Client applications are exposed by this vulnerability. The fix is in Spring Security OAuth 2.5.2; to check exposure, look for the spring-security-oauth2 artifact (group org.springframework.security.oauth) in the application's dependency tree and confirm its version is 2.5.2 or later.
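The resource-exhaustion pattern the advisory describes, shown as an added illustrative example (this is not Spring Security OAuth source code and not the project's actual patch): an OAuth 2.0 client that, on every initiation of the Authorization Code Grant, generates a random state value and keeps the pending Authorization Request in the caller's HTTP session until the callback arrives. The class names, the session model, the attribute name and the eviction bound are all assumptions made for the example; the real remediation is upgrading to 2.5.2 or later.

```python
import secrets
from collections import OrderedDict


class Session:
    """Stand-in for a server-side HTTP session (assumed model, not Spring's)."""

    def __init__(self):
        self.attrs = {}


class VulnerableClient:
    """OAuth 2.0 client whose per-session store of pending Authorization
    Requests is unbounded. Each initiation generates a fresh random `state`
    (the CSRF token sent to the authorization server) and keeps the request
    keyed by it until the matching callback arrives. A caller that keeps
    starting the flow and never finishes it makes one session grow without
    limit, which is the DoS pattern the advisory describes."""

    ATTR = "pending_authorization_requests"  # assumed attribute name

    def _store(self, session):
        return session.attrs.setdefault(self.ATTR, {})

    def initiate(self, session, redirect_uri):
        state = secrets.token_urlsafe(16)
        self._store(session)[state] = {
            "redirect_uri": redirect_uri,
            "response_type": "code",
        }
        return state  # the caller redirects the browser carrying this state

    def callback(self, session, state, code):
        """Consume the pending request matching `state`; an unknown state is
        rejected, which doubles as the CSRF check of the code flow."""
        request = self._store(session).pop(state, None)
        if request is None:
            raise ValueError("unknown state: no pending authorization request")
        return {"code": code, **request}


class HardenedClient(VulnerableClient):
    """Same flow, but the per-session store is bounded: once MAX_PENDING
    requests are outstanding, the oldest is evicted before a new one is
    added. MAX_PENDING is an assumed value; keeping only the most recent
    request (MAX_PENDING = 1) is the simplest variant, at the cost of
    breaking a user who starts the login in two tabs at once."""

    MAX_PENDING = 4

    def _store(self, session):
        return session.attrs.setdefault(self.ATTR, OrderedDict())

    def initiate(self, session, redirect_uri):
        pending = self._store(session)
        while len(pending) >= self.MAX_PENDING:
            pending.popitem(last=False)  # drop the oldest outstanding request
        return super().initiate(session, redirect_uri)


def pending_count(session):
    """Outstanding authorization requests held by one session: a useful
    per-session metric when hunting for this behaviour in a running app."""
    return len(session.attrs.get(VulnerableClient.ATTR, {}))


def is_pending(session, state):
    """True if `state` still maps to a stored authorization request."""
    return state in session.attrs.get(VulnerableClient.ATTR, {})


def hammer(client, initiations):
    """Simulate an attacker repeatedly starting the flow in a single session
    without ever completing it; returns the final pending count."""
    session = Session()
    for _ in range(initiations):
        client.initiate(session, "https://client.example/login/oauth2/code/x")
    return pending_count(session)


if __name__ == "__main__":
    print("vulnerable:", hammer(VulnerableClient(), 10_000))
    print("hardened:  ", hammer(HardenedClient(), 10_000))
```

Running the block shows the vulnerable session holding one entry per initiation while the hardened session stays at its bound. The eviction trades a small amount of usability (an evicted request's callback is rejected as an unknown state) for a hard cap on per-session memory, which is the property a client needs against an unauthenticated caller.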
Products Associated with CVE-2022-22969
Pivotal Spring Security OAuth; Oracle Communications Design Studio.
Exploit Probability
EPSS score: 0.51% (percentile: 66.09%)
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile is the share of all scored vulnerabilities whose EPSS score is at or below this one. EPSS scores are recomputed daily, so the values above are a snapshot from when this page was captured.