Description
Vulnerable Package issue exists @ Maven-org.springframework.security:spring-security-core-3.2.4.RELEASE in branch main
Spring Security before version 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection.
Namespace: diogopcx
Repository: CheckmarxDemo
Repository Url: https://github.com/diogopcx/CheckmarxDemo
CxAST-Project: diogopcx/CheckmarxDemo
CxAST platform scan: 7c4b2830-cd3c-4f07-8ef3-0db21b4eb89d
Branch: main
Application: CheckmarxDemo
Severity: MEDIUM
State: TO_VERIFY
Status: RECURRENT
CWE: CWE-330
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: LOW
Availability impact: NONE
Remediation Upgrade Recommendation: 4.0.0.M2