Severity
High
Analysis Summary
CVE-2021-22119
VMware Tanzu Spring Security is vulnerable to a denial of service caused by improper input validation. By sending specially crafted requests that initiate the Authorization Request for the Authorization Code Grant, a remote attacker could exhaust available system resources, resulting in a denial of service condition.
Impact
- Denial of Service
Affected Vendors
VMware
Affected Products
- VMware Tanzu Spring Security 5.2
- VMware Tanzu Spring Security 5.3
- VMware Tanzu Spring Security 5.4
- VMware Tanzu Spring Security 5.5
Remediation
Upgrade to the latest version of Spring Security (5.2.11, 5.3.10, 5.4.7, 5.5.1 or later), available from the VMware Tanzu Web site. https://tanzu.vmware.com/security/cve-2021-22119
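To check a build against the fixed versions listed above, the following added example (not part of the advisory or of Spring Security) classifies Spring Security entries in Maven `dependency:list` output. It assumes the `org.springframework.security` group ID and the `groupId:artifactId:type:version:scope` line format; the sample lines are constructed.

```python
import re

# Fixed patch level per affected branch, from the advisory's Remediation section.
FIXED = {(5, 2): 11, (5, 3): 10, (5, 4): 7, (5, 5): 1}

# groupId:artifactId:type:version[:scope], the shape `mvn dependency:list` prints.
DEP_RE = re.compile(
    r"org\.springframework\.security:(spring-security-[\w.-]+):\w+:"
    r"(\d+)\.(\d+)\.(\d+)([.-][\w.-]+)?"
)

def classify(line):
    """Return (artifact, version, status) for a Spring Security line, else None."""
    m = DEP_RE.search(line)
    if not m:
        return None
    major, minor, patch = int(m.group(2)), int(m.group(3)), int(m.group(4))
    suffix = m.group(5) or ""  # e.g. ".RELEASE" on older branches, "-SNAPSHOT"
    version = f"{major}.{minor}.{patch}{suffix}"
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        status = "not-listed"  # branch is not named in the advisory
    elif patch < fixed_patch:
        status = "vulnerable"
    elif patch == fixed_patch and suffix.lstrip(".-").upper() not in ("", "RELEASE"):
        status = "review"      # pre-release build of the fixed version
    else:
        status = "fixed"
    return m.group(1), version, status

def scan(lines):
    """Classify every Spring Security dependency found in the given lines."""
    return [r for r in map(classify, lines) if r]

# Constructed sample output, not taken from a real project.
SAMPLE = """\
[INFO]    org.springframework.security:spring-security-oauth2-client:jar:5.4.6:compile
[INFO]    org.springframework.security:spring-security-core:jar:5.2.10.RELEASE:compile
[INFO]    org.springframework.security:spring-security-web:jar:5.5.1:compile
[INFO]    org.springframework.security:spring-security-config:jar:5.3.10.RELEASE:compile
[INFO]    org.springframework.security:spring-security-core:jar:5.5.1-SNAPSHOT:compile
[INFO]    org.springframework.security:spring-security-core:jar:5.1.13.RELEASE:compile
[INFO]    org.springframework.boot:spring-boot-starter-web:jar:2.5.2:compile
""".splitlines()

if __name__ == "__main__":
    for artifact, version, status in scan(SAMPLE):
        print(f"{status:<11} {artifact} {version}")
```

A `not-listed` result means only that the advisory does not name that branch; it is not a statement that the branch is unaffected.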