What is CVE-2019-3778?

CVE-2019-3778 is a medium-severity vulnerability in Oracle Banking_corporate_lending, classified under URL Redirection to Untrusted Site (Open Redirect). CVSS score: 6.5/10. Published 2019-03-07.

How severe is CVE-2019-3778?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Is CVE-2019-3778 known to be exploited?

12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Open Redirect in Oracle Banking_corporate_lending

CVE-2019-3778

Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization co…

Vulnerability class: Open Redirect

EPSS: 0.156 (96.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N.

Affected products

Oracle Banking_corporate_lending — versions 14.1.0, 14.3.0, 14.4.0
Pivotal_software Spring_security_oauth
Spring Security Oauth — versions 2.3, 2.0, 2.1

Weakness classification (CWE)

CWE-601 — URL Redirection to Untrusted Site (Open Redirect)

Public proof-of-concept exploits

References

security_alert@emc.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
security_alert@emc.com (Third Party Advisory, x_refsource_MISC)
security_alert@emc.com (VDB Entry, Third Party Advisory, x_refsource_MISC)
security_alert@emc.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2019-3778?: CVE-2019-3778 is a medium-severity vulnerability in Oracle Banking_corporate_lending, classified under URL Redirection to Untrusted Site (Open Redirect). CVSS score: 6.5/10. Published 2019-03-07.
How severe is CVE-2019-3778?: Medium severity. CVSS v3 base score is 6.5 out of 10.
Is CVE-2019-3778 known to be exploited?: 12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.