Multiple vulnerabilities in VMware Spring Security



Published: 2020-06-01
Risk: Medium
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2020-5408, CVE-2020-5407
CWE-ID: CWE-330, CWE-347
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Spring Security
Category: Server applications / Frameworks for developing and running applications
Vendor: VMware, Inc

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Use of insufficiently random values

EUVDB-ID: #VU28463

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-5408

CWE-ID: CWE-330 - Use of Insufficiently Random Values

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the affected software uses a fixed null initialization vector with CBC mode in the implementation of the queryable text encryptor. A remote authenticated attacker can derive the unencrypted values using a dictionary attack.
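The effect of a fixed null IV can be checked with the JDK alone. The following is an added example, not code from Spring Security or from this bulletin: it encrypts a constructed column of values with AES-CBC, first under an all-zero IV and then under a fresh random IV per value. The cipher (AES), padding, key and sample values are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class FixedIvDemo {
    static final SecureRandom RNG = new SecureRandom();

    // AES-CBC encrypt; returns IV || ciphertext so both variants have the same layout.
    static byte[] encrypt(SecretKeySpec key, byte[] iv, String plaintext) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    static byte[] randomIv() {
        byte[] iv = new byte[16];
        RNG.nextBytes(iv);
        return iv;
    }

    public static void main(String[] args) throws Exception {
        byte[] k = new byte[16];
        RNG.nextBytes(k);                       // constructed demo key
        SecretKeySpec key = new SecretKeySpec(k, "AES");
        byte[] nullIv = new byte[16];           // the weak setting: fixed all-zero IV
        // Constructed sample column; rows 0 and 2 hold the same value.
        String[] column = {"alice@example.com", "bob@example.com", "alice@example.com"};

        byte[] weak0 = encrypt(key, nullIv, column[0]);
        byte[] weak2 = encrypt(key, nullIv, column[2]);
        byte[] safe0 = encrypt(key, randomIv(), column[0]);
        byte[] safe2 = encrypt(key, randomIv(), column[2]);

        Base64.Encoder b64 = Base64.getEncoder();
        System.out.println("null IV   row0: " + b64.encodeToString(weak0));
        System.out.println("null IV   row2: " + b64.encodeToString(weak2));
        System.out.println("null IV   equal plaintext -> equal ciphertext: " + Arrays.equals(weak0, weak2));
        System.out.println("random IV row0: " + b64.encodeToString(safe0));
        System.out.println("random IV row2: " + b64.encodeToString(safe2));
        System.out.println("random IV equal plaintext -> equal ciphertext: " + Arrays.equals(safe0, safe2));
    }
}
```

Under the null IV the two rows are byte-identical, so stored ciphertexts reveal which values are equal; with a per-value random IV they differ, at the cost of no longer being directly queryable.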

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Spring Security: 4.2.0 - 5.3.1

External links

http://tanzu.vmware.com/security/cve-2020-5408
http://github.com/spring-projects/spring-security/issues/8317
http://github.com/spring-projects/spring-security/commit/d1909ec9c8844cfa6b63bab5c2591f14d714ef6b
http://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-570204


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU28464

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-5407

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a signature wrapping issue during SAML response validation when using the "spring-security-saml2-service-provider" component. A remote authenticated attacker can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Spring Security: 5.2.0 - 5.3.1

External links

http://lists.apache.org/thread.html/r73af928cf64bebf78b7fa4bc56a5253273ec7829f5f5827f64c72fc7@%3Cissues.servicemix.apache.org%3E
http://lists.apache.org/thread.html/ra19a4e7236877fe12bfb52db07b27ad72d9e7a9f5e27bba7e928e18a@%3Cdev.geode.apache.org%3E
http://lists.apache.org/thread.html/rd99601fbca514f214f88f9e53fd5be3cfbff05b350c994b4ec2e184c@%3Cdev.geode.apache.org%3E
http://tanzu.vmware.com/security/cve-2020-5407
http://github.com/spring-projects/spring-security/tree/5.2.3.RELEASE/samples/boot/saml2login
http://docs.spring.io/spring-security/site/docs/5.2.3.RELEASE/reference/html5/#saml2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


