CVE-2021-22112
First published: Tue Feb 23 2021(Updated: )
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pivotal Software Spring Security | <5.2.9 | |
| Pivotal Software Spring Security | >=5.3.0<5.3.8 | |
| Vmware Spring Security | >=5.4.0<5.4.4 | |
| Oracle Communications Element Manager | >=8.2.0<=8.2.4.0 | |
| Oracle Communications Interactive Session Recorder | =6.3 | |
| Oracle Communications Interactive Session Recorder | =6.4 | |
| Oracle Communications Unified Inventory Management | =7.4.1 | |
| Oracle Hospitality Cruise Shipboard Property Management System | =20.1.0 | |
| Oracle Insurance Policy Administration | =11.2.0 | |
| Oracle Insurance Policy Administration | =11.3.0 | |
| Oracle Mysql Enterprise Monitor | <=8.0.25 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2021/02/19/7
- https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E
- https://lists.apache.org/thread.html/r2cb05e499807900ba23e539643eead9c5f0652fd271f223f89da1804@%3Cpluto-scm.portals.apache.org%3E
- https://lists.apache.org/thread.html/r37423ec7eea340e92a409452c35b649dce02fdc467f0b3f52086c177@%3Cpluto-dev.portals.apache.org%3E
- https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E
- https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E
- https://lists.apache.org/thread.html/r413e380088c427f56102968df89ef2f336473e1b56b7d4b3a571a378@%3Cpluto-dev.portals.apache.org%3E
- https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E
- https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E
- https://lists.apache.org/thread.html/ra6389b1b82108a3b6bbcd22979f7665fd437c2a3408c9509a15a9ca1@%3Cpluto-dev.portals.apache.org%3E
- https://lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c128e60d2002cd9b@%3Cissues.nifi.apache.org%3E
- https://tanzu.vmware.com/security/cve-2021-22112
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-22112.
What is the severity of CVE-2021-22112?
The severity of CVE-2021-22112 is critical.
Which versions of Spring Security are affected by CVE-2021-22112?
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, and 5.2.x prior to 5.2.9.RELEASE are affected.
How can the SecurityContext be saved in Spring Security?
The SecurityContext can be saved using the `SecurityContextHolder.setContext()` method.
How can I fix CVE-2021-22112 in Spring Security?
To fix CVE-2021-22112, upgrade to Spring Security 5.4.4, 5.3.8.RELEASE, or 5.2.9.RELEASE.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/remedy
- agent/author
- agent/references
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/pivotal software
- canonical/pivotal software spring security
- version/pivotal software spring security/5.3.0
- vendor/vmware
- canonical/vmware spring security
- version/vmware spring security/5.4.0
- vendor/oracle
- canonical/oracle communications element manager
- version/oracle communications element manager/8.2.0
- version/oracle communications element manager/8.2.4.0
- canonical/oracle communications interactive session recorder
- version/oracle communications interactive session recorder/6.3
- version/oracle communications interactive session recorder/6.4
- canonical/oracle communications unified inventory management
- version/oracle communications unified inventory management/7.4.1
- canonical/oracle hospitality cruise shipboard property management system
- version/oracle hospitality cruise shipboard property management system/20.1.0
- canonical/oracle insurance policy administration
- version/oracle insurance policy administration/11.2.0
- version/oracle insurance policy administration/11.3.0
- canonical/oracle mysql enterprise monitor
- version/oracle mysql enterprise monitor/8.0.25