Open Redirect in Oracle Banking_corporate_lending
CVE-2019-11269
Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code…
Vulnerability class: Open Redirect
EPSS: 0.089 (94.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N.
Affected products
- Oracle Banking_corporate_lending — versions 14.1.0, 14.3.0, 14.4.0
- Pivotal_software Spring_security_oauth
- Spring Security Oauth — versions 2.2, 2.1, 2.0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- security@pivotal.io (Third Party Advisory, x_refsource_MISC)
- security@pivotal.io (x_refsource_CONFIRM, Vendor Advisory)
- security@pivotal.io (VDB Entry, Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2019-11269?
- CVE-2019-11269 is a medium-severity vulnerability in Oracle Banking_corporate_lending, classified under URL Redirection to Untrusted Site (Open Redirect). CVSS score: 5.4/10. Published 2019-06-12.
- How severe is CVE-2019-11269?
- Medium severity. CVSS v3 base score is 5.4 out of 10.
- Is CVE-2019-11269 known to be exploited?
- 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.