Vulnerability Description
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request. A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pivotal Software | Spring Security | < 5.2.9 |
| VMware | Spring Security | >= 5.4.0, < 5.4.4 |
| Oracle | Communications Element Manager | >= 8.2.0, <= 8.2.4.0 |
| Oracle | Communications Interactive Session Recorder | 6.3 |
| Oracle | Communications Unified Inventory Management | 7.4.1 |
| Oracle | Hospitality Cruise Shipboard Property Management System | 20.1.0 |
| Oracle | Insurance Policy Administration | 11.2.0 |
| Oracle | MySQL Enterprise Monitor | <= 8.0.25 |
References
- http://www.openwall.com/lists/oss-security/2021/02/19/7 (Mailing List, Third Party Advisory)
- https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196
- https://lists.apache.org/thread.html/r2cb05e499807900ba23e539643eead9c5f0652fd27
- https://lists.apache.org/thread.html/r37423ec7eea340e92a409452c35b649dce02fdc467
- https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb
- https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270c
- https://lists.apache.org/thread.html/r413e380088c427f56102968df89ef2f336473e1b56
- https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a
- https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b3
- https://lists.apache.org/thread.html/ra6389b1b82108a3b6bbcd22979f7665fd437c2a340
- https://lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c1
- https://tanzu.vmware.com/security/cve-2021-22112 (Vendor Advisory)
- https://www.oracle.com//security-alerts/cpujul2021.html (Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuApr2021.html (Patch, Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuoct2021.html (Patch, Third Party Advisory)
FAQ
What is CVE-2021-22112?
CVE-2021-22112 is a vulnerability with a CVSS score of 8.8 (HIGH). Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in...
How severe is CVE-2021-22112?
CVE-2021-22112 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-22112?
Check the references section above for vendor advisories and patch information. Affected products include: Pivotal Software Spring Security, VMware Spring Security, Oracle Communications Element Manager, Oracle Communications Interactive Session Recorder, Oracle Communications Unified Inventory Management.