Vulnerability-Lookup

CVE-2022-31690 (GCVE-0-2022-31690)

Vulnerability from cvelistv5 – Published: 2022-10-31 00:00 – Updated: 2025-05-08 18:47

Summary

Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token.

Severity ?

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Privilege Escalation in spring-security-oauth2-client

Assigner

vmware

References

URL

Tags

	https://tanzu.vmware.com/security/cve-2022-31690
	https://security.netapp.com/advisory/ntap-2022121…

Impacted products

	Vendor	Product	Version
	n/a	Spring Security	Affected: Spring Security (5.7 to 5.7.4 and 5.6 to 5.6.8 as well as older, unsupported versions)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:26:01.073Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://tanzu.vmware.com/security/cve-2022-31690"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221215-0010/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-31690",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T18:42:47.671600Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-08T18:47:35.924Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Security",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Spring Security (5.7 to 5.7.4 and 5.6 to 5.6.8 as well as older, unsupported versions)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Privilege Escalation in spring-security-oauth2-client",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-15T00:00:00.000Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://tanzu.vmware.com/security/cve-2022-31690"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221215-0010/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-31690",
    "datePublished": "2022-10-31T00:00:00.000Z",
    "dateReserved": "2022-05-25T00:00:00.000Z",
    "dateUpdated": "2025-05-08T18:47:35.924Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://tanzu.vmware.com/security/cve-2022-31690\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20221215-0010/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T07:26:01.073Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-31690\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-08T18:42:47.671600Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-08T18:47:26.537Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"Spring Security\", \"versions\": [{\"status\": \"affected\", \"version\": \"Spring Security (5.7 to 5.7.4 and 5.6 to 5.6.8 as well as older, unsupported versions)\"}]}], \"references\": [{\"url\": \"https://tanzu.vmware.com/security/cve-2022-31690\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20221215-0010/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Privilege Escalation in spring-security-oauth2-client\"}]}], \"providerMetadata\": {\"orgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"shortName\": \"vmware\", \"dateUpdated\": \"2022-12-15T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-31690\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-08T18:47:35.924Z\", \"dateReserved\": \"2022-05-25T00:00:00.000Z\", \"assignerOrgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"datePublished\": \"2022-10-31T00:00:00.000Z\", \"assignerShortName\": \"vmware\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2024-AVI-0240

Vulnerability from certfr_avis - Published: 2024-03-22 - Updated: 2024-03-22

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une exécution de code arbitraire et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	IBM	Spectrum	Spectrum Protect Plus versions 10.1.x antérieures à 10.1.16.1
	IBM	QRadar SIEM	QRadar SIEM M7 Appliances versions antérieures à 7.5 sans le microgiciel 4.0.0

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7144944 du 21 mars 2024	None	vendor-advisory
Bulletin de sécurité IBM 7144861 du 20 mars 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.16.1",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM M7 Appliances versions ant\u00e9rieures \u00e0 7.5 sans le microgiciel 4.0.0",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-22950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22950"
    },
    {
      "name": "CVE-2023-1382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1382"
    },
    {
      "name": "CVE-2023-46813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46813"
    },
    {
      "name": "CVE-2023-1838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1838"
    },
    {
      "name": "CVE-2022-22976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22976"
    },
    {
      "name": "CVE-2022-22971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22971"
    },
    {
      "name": "CVE-2021-41079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41079"
    },
    {
      "name": "CVE-2023-51385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
    },
    {
      "name": "CVE-2023-5633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5633"
    },
    {
      "name": "CVE-2022-38457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38457"
    },
    {
      "name": "CVE-2021-42340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42340"
    },
    {
      "name": "CVE-2023-2248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2248"
    },
    {
      "name": "CVE-2022-22978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22978"
    },
    {
      "name": "CVE-2023-6536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6536"
    },
    {
      "name": "CVE-2023-23455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23455"
    },
    {
      "name": "CVE-2024-0646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0646"
    },
    {
      "name": "CVE-2022-22980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22980"
    },
    {
      "name": "CVE-2023-40283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40283"
    },
    {
      "name": "CVE-2023-45862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45862"
    },
    {
      "name": "CVE-2022-45869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45869"
    },
    {
      "name": "CVE-2023-6817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6817"
    },
    {
      "name": "CVE-2023-1074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1074"
    },
    {
      "name": "CVE-2023-29986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29986"
    },
    {
      "name": "CVE-2023-42753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42753"
    },
    {
      "name": "CVE-2023-4921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4921"
    },
    {
      "name": "CVE-2023-33203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33203"
    },
    {
      "name": "CVE-2023-3812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3812"
    },
    {
      "name": "CVE-2021-3923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3923"
    },
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    },
    {
      "name": "CVE-2022-25762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25762"
    },
    {
      "name": "CVE-2023-38409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38409"
    },
    {
      "name": "CVE-2023-4207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4207"
    },
    {
      "name": "CVE-2023-28487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28487"
    },
    {
      "name": "CVE-2024-0443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0443"
    },
    {
      "name": "CVE-2022-3545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
    },
    {
      "name": "CVE-2023-2176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2176"
    },
    {
      "name": "CVE-2023-2162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2162"
    },
    {
      "name": "CVE-2022-36402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36402"
    },
    {
      "name": "CVE-2022-21216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21216"
    },
    {
      "name": "CVE-2023-3772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3772"
    },
    {
      "name": "CVE-2021-22060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22060"
    },
    {
      "name": "CVE-2023-3567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3567"
    },
    {
      "name": "CVE-2023-45871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45871"
    },
    {
      "name": "CVE-2023-1075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1075"
    },
    {
      "name": "CVE-2023-3609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3609"
    },
    {
      "name": "CVE-2023-52071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52071"
    },
    {
      "name": "CVE-2023-26545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26545"
    },
    {
      "name": "CVE-2022-3640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3640"
    },
    {
      "name": "CVE-2023-6535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6535"
    },
    {
      "name": "CVE-2023-2269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2269"
    },
    {
      "name": "CVE-2022-3594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3594"
    },
    {
      "name": "CVE-2024-27277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27277"
    },
    {
      "name": "CVE-2023-47715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47715"
    },
    {
      "name": "CVE-2023-51780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51780"
    },
    {
      "name": "CVE-2022-22970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22970"
    },
    {
      "name": "CVE-2023-4622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4622"
    },
    {
      "name": "CVE-2022-28388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28388"
    },
    {
      "name": "CVE-2023-42465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42465"
    },
    {
      "name": "CVE-2023-6606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6606"
    },
    {
      "name": "CVE-2022-31690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31690"
    },
    {
      "name": "CVE-2023-0597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0597"
    },
    {
      "name": "CVE-2023-4623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4623"
    },
    {
      "name": "CVE-2024-0853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0853"
    },
    {
      "name": "CVE-2023-51042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51042"
    },
    {
      "name": "CVE-2021-22096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22096"
    },
    {
      "name": "CVE-2023-28486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28486"
    },
    {
      "name": "CVE-2022-29885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29885"
    },
    {
      "name": "CVE-2023-5717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5717"
    },
    {
      "name": "CVE-2023-2166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2166"
    },
    {
      "name": "CVE-2022-27772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27772"
    },
    {
      "name": "CVE-2023-1192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1192"
    },
    {
      "name": "CVE-2023-6610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6610"
    }
  ],
  "initial_release_date": "2024-03-22T00:00:00",
  "last_revision_date": "2024-03-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0240",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-03-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une\nex\u00e9cution de code arbitraire et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7144944 du 21 mars 2024",
      "url": "https://www.ibm.com/support/pages/node/7144944"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7144861 du 20 mars 2024",
      "url": "https://www.ibm.com/support/pages/node/7144861"
    }
  ]
}

CERTFR-2022-AVI-978

Vulnerability from certfr_avis - Published: 2022-11-02 - Updated: 2022-11-02

De multiples vulnérabilités ont été découvertes dans VMware Spring Security. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Spring	N/A	Spring Security versions 5.7.x antérieures à 5.7.5
	Spring	N/A	Spring Security versions versions 5.6.x antérieures à 5.6.9

References

Title

Publication Time

Tags

Bulletin de sécurité VMware cve-2022-31690 du 31 octobre 2022	None	vendor-advisory
Bulletin de sécurité VMware cve-2022-31692 du 31 octobre 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Spring Security versions 5.7.x ant\u00e9rieures \u00e0 5.7.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Spring",
          "scada": false
        }
      }
    },
    {
      "description": "Spring Security versions versions 5.6.x ant\u00e9rieures \u00e0 5.6.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Spring",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-31692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31692"
    },
    {
      "name": "CVE-2022-31690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31690"
    }
  ],
  "initial_release_date": "2022-11-02T00:00:00",
  "last_revision_date": "2022-11-02T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-978",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-11-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Spring\nSecurity. Elles permettent \u00e0 un attaquant de provoquer un contournement\nde la politique de s\u00e9curit\u00e9 et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Spring",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware cve-2022-31690 du 31 octobre 2022",
      "url": "https://tanzu.vmware.com/security/cve-2022-31690"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware cve-2022-31692 du 31 octobre 2022",
      "url": "https://tanzu.vmware.com/security/cve-2022-31692"
    }
  ]
}

CERTFR-2023-AVI-0012

Vulnerability from certfr_avis - Published: 2023-01-10 - Updated: 2023-01-10

De multiples vulnérabilités ont été découvertes dans IBM Sterling. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Sterling	IBM Sterling Partner Engagement Manager (éditions Essentials et Standard) versions 6.2.1.x antérieures à 6.2.1.2
IBM	Sterling	IBM Sterling B2B Integrator versions 6.1.0.x antérieures à 6.1.0.6
IBM	Sterling	IBM Sterling Partner Engagement Manager (éditions Essentials et Standard) versions 6.1.2.x antérieures à 6.1.2.7
IBM	Sterling	IBM Sterling B2B Integrator versions 6.0.x antérieures à 6.0.3.7
IBM	Sterling	IBM Sterling B2B Integrator versions 6.1.2.x antérieures à 6.1.2.1
IBM	Sterling	IBM Sterling Partner Engagement Manager (éditions Essentials et Standard) versions 6.2.0.x antérieures à 6.2.0.5
IBM	Sterling	IBM Sterling B2B Integrator versions 6.1.1.x antérieures à 6.1.1.3

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6854335 du 09 janvier 2023	None	vendor-advisory
Bulletin de sécurité IBM 6854339 du 09 janvier 2023	None	vendor-advisory
Bulletin de sécurité IBM 6854329 du 09 janvier 2023	None	vendor-advisory
Bulletin de sécurité IBM 6854325 du 09 janvier 2023	None	vendor-advisory
Bulletin de sécurité IBM 6854327 du 09 janvier 2023	None	vendor-advisory
Bulletin de sécurité IBM 6854333 du 09 janvier 2023	None	vendor-advisory
Bulletin de sécurité IBM 6854331 du 09 janvier 2023	None	vendor-advisory
Bulletin de sécurité IBM 6853637 du 09 janvier 2023	None	vendor-advisory
Bulletin de sécurité IBM 6854337 du 09 janvier 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Sterling Partner Engagement Manager (\u00e9ditions Essentials et Standard) versions 6.2.1.x ant\u00e9rieures \u00e0 6.2.1.2",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling B2B Integrator versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.6",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Partner Engagement Manager (\u00e9ditions Essentials et Standard) versions 6.1.2.x ant\u00e9rieures \u00e0 6.1.2.7",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling B2B Integrator versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.7",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling B2B Integrator versions 6.1.2.x ant\u00e9rieures \u00e0 6.1.2.1",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Partner Engagement Manager (\u00e9ditions Essentials et Standard) versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.5",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling B2B Integrator versions 6.1.1.x ant\u00e9rieures \u00e0 6.1.1.3",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-19361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
    },
    {
      "name": "CVE-2019-12384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
    },
    {
      "name": "CVE-2022-40664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40664"
    },
    {
      "name": "CVE-2022-40615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40615"
    },
    {
      "name": "CVE-2022-34335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34335"
    },
    {
      "name": "CVE-2022-31692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31692"
    },
    {
      "name": "CVE-2019-20330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
    },
    {
      "name": "CVE-2020-8840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
    },
    {
      "name": "CVE-2022-34305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34305"
    },
    {
      "name": "CVE-2021-30129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30129"
    },
    {
      "name": "CVE-2018-14720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
    },
    {
      "name": "CVE-2020-36518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
    },
    {
      "name": "CVE-2022-31690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31690"
    },
    {
      "name": "CVE-2022-21541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21541"
    },
    {
      "name": "CVE-2022-21540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21540"
    }
  ],
  "initial_release_date": "2023-01-10T00:00:00",
  "last_revision_date": "2023-01-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0012",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-01-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Sterling.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Sterling",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6854335 du 09 janvier 2023",
      "url": "https://www.ibm.com/support/pages/node/6854335"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6854339 du 09 janvier 2023",
      "url": "https://www.ibm.com/support/pages/node/6854339"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6854329 du 09 janvier 2023",
      "url": "https://www.ibm.com/support/pages/node/6854329"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6854325 du 09 janvier 2023",
      "url": "https://www.ibm.com/support/pages/node/6854325"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6854327 du 09 janvier 2023",
      "url": "https://www.ibm.com/support/pages/node/6854327"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6854333 du 09 janvier 2023",
      "url": "https://www.ibm.com/support/pages/node/6854333"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6854331 du 09 janvier 2023",
      "url": "https://www.ibm.com/support/pages/node/6854331"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6853637 du 09 janvier 2023",
      "url": "https://www.ibm.com/support/pages/node/6853637"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6854337 du 09 janvier 2023",
      "url": "https://www.ibm.com/support/pages/node/6854337"
    }
  ]
}

FKIE_CVE-2022-31690

Vulnerability from fkie_nvd - Published: 2022-10-31 20:15 - Updated: 2025-05-08 19:15

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@vmware.com	https://security.netapp.com/advisory/ntap-20221215-0010/	Third Party Advisory
security@vmware.com	https://tanzu.vmware.com/security/cve-2022-31690	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20221215-0010/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://tanzu.vmware.com/security/cve-2022-31690	Mitigation, Vendor Advisory

Impacted products

Vendor	Product	Version
vmware	spring_security	*
vmware	spring_security	*
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B6D55EC-9C02-437C-B23E-537ACD7725CD",
              "versionEndExcluding": "5.6.9",
              "versionStartIncluding": "5.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9ED79BC-5015-4198-8D9C-52EC2A150582",
              "versionEndExcluding": "5.7.5",
              "versionStartIncluding": "5.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token."
    },
    {
      "lang": "es",
      "value": "Spring Security, las versiones 5.7 anteriores a 5.7.5 y 5.6 anteriores a 5.6.9 y las versiones anteriores no compatibles podr\u00edan ser susceptibles a una escalada de privilegios bajo ciertas condiciones. Un usuario malicioso o un atacante puede modificar una solicitud iniciada por el Cliente (a trav\u00e9s del navegador) al Servidor de Autorizaci\u00f3n, lo que puede provocar una escalada de privilegios en la aprobaci\u00f3n posterior. Este escenario puede ocurrir si el Servidor de Autorizaci\u00f3n con OAuth2 Access Token Response que contiene una lista de alcance vac\u00eda (seg\u00fan RFC 6749, secci\u00f3n 5.1) en la solicitud posterior al extremo del token para obtener el token de acceso."
    }
  ],
  "id": "CVE-2022-31690",
  "lastModified": "2025-05-08T19:15:52.213",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-10-31T20:15:12.727",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20221215-0010/"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://tanzu.vmware.com/security/cve-2022-31690"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20221215-0010/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://tanzu.vmware.com/security/cve-2022-31690"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2022-31690

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-31690

Aliases

CVE-2022-31690

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-31690",
    "description": "Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token.",
    "id": "GSD-2022-31690"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-31690"
      ],
      "details": "Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token.",
      "id": "GSD-2022-31690",
      "modified": "2023-12-13T01:19:17.712884Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@vmware.com",
        "ID": "CVE-2022-31690",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Spring Security",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Spring Security (5.7 to 5.7.4 and 5.6 to 5.6.8 as well as older, unsupported versions)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Privilege Escalation in spring-security-oauth2-client"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://tanzu.vmware.com/security/cve-2022-31690",
            "refsource": "MISC",
            "url": "https://tanzu.vmware.com/security/cve-2022-31690"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20221215-0010/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20221215-0010/"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[5.6.0,5.6.9),[5.7.0,5.7.5)",
          "affected_versions": "All versions starting from 5.6.0 before 5.6.9, all versions starting from 5.7.0 before 5.7.5",
          "cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2023-08-08",
          "description": "Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token.",
          "fixed_versions": [
            "5.6.9",
            "5.7.5"
          ],
          "identifier": "CVE-2022-31690",
          "identifiers": [
            "CVE-2022-31690"
          ],
          "not_impacted": "All versions before 5.6.0, all versions starting from 5.6.9 before 5.7.0, all versions starting from 5.7.5",
          "package_slug": "maven/org.springframework.security/spring-security-core",
          "pubdate": "2022-10-31",
          "solution": "Upgrade to versions 5.6.9, 5.7.5 or above.",
          "title": "Improper Privilege Management",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-31690",
            "https://tanzu.vmware.com/security/cve-2022-31690"
          ],
          "uuid": "3b68c11b-a6fd-493a-9e40-480b2be499a1"
        },
        {
          "affected_range": "(,5.6.9),[5.7.0,5.7.5)",
          "affected_versions": "All versions before 5.6.9, all versions starting from 5.7.0 before 5.7.5",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2022-11-01",
          "description": "Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token.",
          "fixed_versions": [
            "5.6.9",
            "5.7.5"
          ],
          "identifier": "CVE-2022-31690",
          "identifiers": [
            "GHSA-32vj-v39g-jh23",
            "CVE-2022-31690"
          ],
          "not_impacted": "All versions starting from 5.6.9 before 5.7.0, all versions starting from 5.7.5",
          "package_slug": "maven/org.springframework.security/spring-security-oauth2-client",
          "pubdate": "2022-11-01",
          "solution": "Upgrade to versions 5.6.9, 5.7.5 or above.",
          "title": "spring-security-oauth2-client vulnerable to Privilege Escalation",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-31690",
            "https://tanzu.vmware.com/security/cve-2022-31690",
            "https://github.com/spring-projects/spring-security-samples/blob/4638e1e428ee2ddab234199eb3b67b9c94dfa08b/servlet/spring-boot/java/oauth2/webclient/src/main/java/example/SecurityConfiguration.java#L48",
            "https://github.com/advisories/GHSA-32vj-v39g-jh23"
          ],
          "uuid": "e28b3f29-e5bf-4200-8ddd-d9a2ea3d23a1"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.6.9",
                "versionStartIncluding": "5.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.7.5",
                "versionStartIncluding": "5.7.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2022-31690"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-269"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tanzu.vmware.com/security/cve-2022-31690",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://tanzu.vmware.com/security/cve-2022-31690"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20221215-0010/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20221215-0010/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-03-01T16:36Z",
      "publishedDate": "2022-10-31T20:15Z"
    }
  }
}

GHSA-32VJ-V39G-JH23

Vulnerability from github – Published: 2022-11-01 12:00 – Updated: 2022-11-02 21:50

Summary

spring-security-oauth2-client vulnerable to Privilege Escalation

Details

Severity ?

8.1 (High)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.security:spring-security-oauth2-client"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.7.0"
            },
            {
              "fixed": "5.7.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.security:spring-security-oauth2-client"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.6.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-31690"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-01T17:27:45Z",
    "nvd_published_at": "2022-10-31T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token.",
  "id": "GHSA-32vj-v39g-jh23",
  "modified": "2022-11-02T21:50:11Z",
  "published": "2022-11-01T12:00:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31690"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-security-samples/blob/4638e1e428ee2ddab234199eb3b67b9c94dfa08b/servlet/spring-boot/java/oauth2/webclient/src/main/java/example/SecurityConfiguration.java#L48"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20221215-0010"
    },
    {
      "type": "WEB",
      "url": "https://tanzu.vmware.com/security/cve-2022-31690"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "spring-security-oauth2-client vulnerable to Privilege Escalation"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-31690 (GCVE-0-2022-31690)

CERTFR-2024-AVI-0240

Solution

CERTFR-2022-AVI-978

Solution

CERTFR-2023-AVI-0012

Solution

FKIE_CVE-2022-31690

GSD-2022-31690

GHSA-32VJ-V39G-JH23

Tags

Sightings

Nomenclature