CVE-2024-22258 | Vmware Spring Authorization Server up to 1.0.5/1.1.5/1.2.2 PKCE downgrade

Inserito da Angelo Barbosa | Mar 20, 2024 | CVE

A vulnerability was found in Vmware Spring Authorization Server up to 1.0.5/1.1.5/1.2.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component PKCE Handler. The manipulation leads to algorithm downgrade.

This vulnerability is known as CVE-2024-22258. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-22258 | Vmware Spring Authorization Server up to 1.0.5/1.1.5/1.2.2 PKCE downgrade

Post correlati

CVE-2023-47827 | NicheAddons Events Addon for Elementor Plugin up to 2.1.3 on WordPress authorization

CVE-2024-36233 | Adobe Experience Manager up to 6.5.20 cross site scripting (apsb24-28)

CVE-2024-24904 | Dell Secure Connect Gateway prior 5.22.00.16 Trusted Application Data Store cross site scripting (dsa-2024-077)

CVE-2024-32884 | Byron gitoxide up to 0.34.x/0.41.x/0.61.x Username command injection (GHSA-98p4-xjmm-8mfh)