First published: Tue Apr 09 2019
Pivotal Spring Security could provide weaker than expected security, caused by an insecure randomness flaw when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. A remote attacker could exploit this vulnerability to launch further attacks on the system.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM GDE | <=3.0.0.2 | |
| VMware Spring Security | >=4.2.0, <4.2.12 | Update to 4.2.12 or later |
| VMware Spring Security | >=5.0.0, <5.0.12 | Update to 5.0.12 or later |
| VMware Spring Security | >=5.1.0, <5.1.5 | Update to 5.1.5 or later |
| Debian Linux | =8.0 | |
CVE-2019-3795 is a vulnerability in Pivotal Spring Security that could provide weaker than expected security due to an insecure randomness vulnerability.
Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 are affected by CVE-2019-3795.
In order to be impacted by CVE-2019-3795, an honest application must provide a seed and make use of SecureRandomFactoryBean#setSeed to configure a SecureRandom instance.
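To illustrate the ordering problem behind this class of flaw, here is an added example that is not Spring Security's own code and does not reproduce the project's actual fix. It assumes the SHA1PRNG algorithm, under which a seed supplied before the generator has self-seeded replaces its entire state (making output a pure function of that seed), whereas a seed supplied after first use only supplements it; the class name, helper names and the sample seed are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

public class SeedOrderingDemo {
    // Constructed sample seed, standing in for whatever an application
    // might pass to SecureRandomFactoryBean#setSeed.
    private static final byte[] APP_SEED =
            "not-a-secret-seed".getBytes(StandardCharsets.UTF_8);

    // Weak pattern: the caller's seed is applied before the PRNG has
    // self-seeded. With SHA1PRNG the supplied bytes become the whole
    // internal state, so every instance built this way emits the same stream.
    static byte[] seedBeforeUse(byte[] seed) throws NoSuchAlgorithmException {
        SecureRandom rnd = SecureRandom.getInstance("SHA1PRNG");
        rnd.setSeed(seed);
        byte[] out = new byte[16];
        rnd.nextBytes(out);
        return out;
    }

    // Hardened pattern: force self-seeding from the platform entropy source
    // first; setSeed then mixes the caller's bytes into existing state
    // instead of replacing it, so a known seed cannot reduce randomness.
    static byte[] selfSeedThenSupplement(byte[] seed) throws NoSuchAlgorithmException {
        SecureRandom rnd = SecureRandom.getInstance("SHA1PRNG");
        rnd.nextBytes(new byte[1]); // triggers default (self) seeding
        rnd.setSeed(seed);          // supplements rather than replaces
        byte[] out = new byte[16];
        rnd.nextBytes(out);
        return out;
    }

    // Reports whether two independently built generators agree on their
    // first 16 bytes: agreement means output is predictable from the seed.
    static boolean reproducible(boolean seedFirst) throws NoSuchAlgorithmException {
        byte[] a = seedFirst ? seedBeforeUse(APP_SEED) : selfSeedThenSupplement(APP_SEED);
        byte[] b = seedFirst ? seedBeforeUse(APP_SEED) : selfSeedThenSupplement(APP_SEED);
        return Arrays.equals(a, b);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        System.out.println("seed-before-use reproducible across instances: " + reproducible(true));
        System.out.println("self-seed-then-supplement reproducible:        " + reproducible(false));
    }
}
```

Behaviour is provider-specific: with the default SHA1PRNG implementation the first check reports reproducible output, which is the weakness an audit should look for in any code that seeds a SecureRandom before its first use.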
CVE-2019-3795 has a severity rating of 6.5 (medium).
To fix CVE-2019-3795, update to Spring Security versions 4.2.12, 5.0.12, or 5.1.5 or later.