Show vulnerabilities with patch / with exploit

Multiple vulnerabilities in VMware Spring Security



Published: 2020-06-01
Severity Medium
Patch available YES
Number of vulnerabilities 2
CVE ID CVE-2020-5408
CVE-2020-5407
CWE ID CWE-330
CWE-347
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Spring Security
Server applications / Frameworks for developing and running applications

Vendor VMware, Inc

Security Advisory

1) Use of insufficiently random values

Severity: Medium

CVSSv3: 5.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-5408

CWE-ID: CWE-330 - Use of Insufficiently Random Values

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the affected software uses a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A remote authenticated attacker can derive the unencrypted values using a dictionary attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Spring Security: 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.9, 4.2.10, 4.2.11, 4.2.12, 4.2.13, 4.2.14, 4.2.15, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.1.8, 5.1.9, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.3.0, 5.3.1

CPE External links

https://tanzu.vmware.com/security/cve-2020-5408
https://github.com/spring-projects/spring-security/issues/8317
https://github.com/spring-projects/spring-security/commit/d1909ec9c8844cfa6b63bab5c2591f14d714ef6b
https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-570204

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Verification of Cryptographic Signature

Severity: Medium

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-5407

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a signature wrapping issue during SAML response validation when using the "spring-security-saml2-service-provider" component. A remote authenticated attacker can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Spring Security: 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.3.0, 5.3.1

CPE External links

https://lists.apache.org/thread.html/r73af928cf64bebf78b7fa4bc56a5253273ec7829f5f5827f64c72fc7@%3Cissues.servicemix.apache.org%3E
https://lists.apache.org/thread.html/ra19a4e7236877fe12bfb52db07b27ad72d9e7a9f5e27bba7e928e18a@%3Cdev.geode.apache.org%3E
https://lists.apache.org/thread.html/rd99601fbca514f214f88f9e53fd5be3cfbff05b350c994b4ec2e184c@%3Cdev.geode.apache.org%3E
https://tanzu.vmware.com/security/cve-2020-5407
https://github.com/spring-projects/spring-security/tree/5.2.3.RELEASE/samples/boot/saml2login
https://docs.spring.io/spring-security/site/docs/5.2.3.RELEASE/reference/html5/#saml2

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.