Auth bypass in Spring Security

CVE-2019-11272

Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder…

Vulnerability class: Broken Authentication

EPSS: 0.004 (61.5th percentile)

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2019-11272?
CVE-2019-11272 is a vulnerability in Spring Security, classified under Improper Authentication. Published 2019-06-26.
Is CVE-2019-11272 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.