CVE-2019-3778
First published: Thu Mar 07 2019(Updated: )
Spring Security OAuth could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in authorization endpoint. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM GDE | <=3.0.0.2 | |
| Pivotal Software Spring Security Oauth | >=2.0.0<2.0.17 | |
| Pivotal Software Spring Security Oauth | >=2.1.0<2.1.4 | |
| Pivotal Software Spring Security Oauth | >=2.2.0<2.2.4 | |
| Pivotal Software Spring Security Oauth | >=2.3.0<2.3.5 | |
| Oracle Banking Corporate Lending | =14.1.0 | |
| Oracle Banking Corporate Lending | =14.3.0 | |
| Oracle Banking Corporate Lending | =14.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://exchange.xforce.ibmcloud.com/vulnerabilities/158330
- https://www.ibm.com/support/pages/node/6320835 (Advisory)
- http://packetstormsecurity.com/files/153299/Spring-Security-OAuth-2.3-Open-Redirection.html
- http://www.securityfocus.com/bid/107153
- https://pivotal.io/security/cve-2019-3778
- https://www.oracle.com/security-alerts/cpujan2021.html
Frequently Asked Questions
What is the severity of CVE-2019-3778?
The severity of CVE-2019-3778 is high with a severity value of 7.4.
How does CVE-2019-3778 allow phishing attacks?
CVE-2019-3778 allows phishing attacks through an open redirector vulnerability that can leak an authorization code.
Which versions of Spring Security OAuth are affected by CVE-2019-3778?
Spring Security OAuth versions 2.3 to 2.3.5, 2.2 to 2.2.4, 2.1 to 2.1.4, and 2.0 to 2.0.17 are affected by CVE-2019-3778.
How can a malicious user or attacker exploit CVE-2019-3778?
A malicious user or attacker can craft a request to exploit the open redirector vulnerability in CVE-2019-3778.
Where can I find more information about CVE-2019-3778?
You can find more information about CVE-2019-3778 at the following references: [Packet Storm Security](http://packetstormsecurity.com/files/153299/Spring-Security-OAuth-2.3-Open-Redirection.html), [SecurityFocus](http://www.securityfocus.com/bid/107153), [Pivotal](https://pivotal.io/security/cve-2019-3778).
- collector/ibm-support
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm gde
- version/ibm gde/3.0.0.2
- vendor/pivotal software
- canonical/pivotal software spring security oauth
- version/pivotal software spring security oauth/2.0.0
- version/pivotal software spring security oauth/2.1.0
- version/pivotal software spring security oauth/2.2.0
- version/pivotal software spring security oauth/2.3.0
- vendor/oracle
- canonical/oracle banking corporate lending
- version/oracle banking corporate lending/14.1.0
- version/oracle banking corporate lending/14.3.0
- version/oracle banking corporate lending/14.4.0