CVE-2019-3795

Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection.
References
Link Resource
https://pivotal.io/security/cve-2019-3795 Vendor Advisory
http://www.securityfocus.com/bid/107802 Third Party Advisory VDB Entry
https://lists.debian.org/debian-lts-announce/2019/05/msg00026.html Mailing List Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Information

Published : 2019-04-09 04:29

Updated : 2021-11-02 08:18


NVD link : CVE-2019-3795

Mitre link : CVE-2019-3795

Products Affected
No products.
CWE