CVE-2023-22602 - Authentication Bypass

Severity: None2023-02-14

Security Advisories

Abstract

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant style pattern matching.

The Oxygen products incorporate Apache Shiro as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

ProductSeverityFixed Release Availability
Oxygen XML Web Author v25.0.2 and olderNone N/A
Oxygen Content Fusion v5.0.3 and olderNone N/A

Mitigation

None

Detail

CVE-2023-22602

Severity: High

CVSS Score: 7.5

The Apache Shiro third-party library used by Oxygen XML products is an affected version mentioned in CVE-2023-22602 vulnerability description. However, the Oxygen products does not use Apache Shiro with Spring Boot. For that reason, our products are not affected by this vulnerability.

List of Security Advisories

Video Tutorials
Upcoming Events
webinar
Oxygen AI Positron: Your Helper in All Stages of Content Creation
May 8, 2024

Products

Features

Shop

Resources

Support

Company

© 2002-2024 SyncRO Soft SRL. All rights reserved.

This website was created & generated with <oXygen/>®XML Editor