Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-xgj8-mybf-uyae
Vulnerability ID VCID-xgj8-mybf-uyae
Aliases CVE-2019-11269
GHSA-mmf6-6597-3v6m
Summary Open Redirect in Spring Security OAuth
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 5.4 http://packetstormsecurity.com/files/153299/Spring-Security-OAuth-2.3-Open-Redirection.html
generic_textual MODERATE http://packetstormsecurity.com/files/153299/Spring-Security-OAuth-2.3-Open-Redirection.html
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11269.json
epss 0.06347 https://api.first.org/data/v1/epss?cve=CVE-2019-11269
epss 0.06347 https://api.first.org/data/v1/epss?cve=CVE-2019-11269
epss 0.06347 https://api.first.org/data/v1/epss?cve=CVE-2019-11269
epss 0.06347 https://api.first.org/data/v1/epss?cve=CVE-2019-11269
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-mmf6-6597-3v6m
cvssv3.1 5.4 https://nvd.nist.gov/vuln/detail/CVE-2019-11269
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2019-11269
cvssv3.1 5.4 https://pivotal.io/security/cve-2019-11269
generic_textual MODERATE https://pivotal.io/security/cve-2019-11269
cvssv3.1 5.4 https://www.oracle.com/security-alerts/cpujan2021.html
generic_textual MODERATE https://www.oracle.com/security-alerts/cpujan2021.html
Reference id Reference type URL
http://packetstormsecurity.com/files/153299/Spring-Security-OAuth-2.3-Open-Redirection.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11269.json
https://api.first.org/data/v1/epss?cve=CVE-2019-11269
1715771 https://bugzilla.redhat.com/show_bug.cgi?id=1715771
CVE-2019-11269 https://nvd.nist.gov/vuln/detail/CVE-2019-11269
CVE-2019-11269 https://pivotal.io/security/cve-2019-11269
CVE-2019-3778;CVE-2019-11269 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/47000.txt
GHSA-mmf6-6597-3v6m https://github.com/advisories/GHSA-mmf6-6597-3v6m
Data source Exploit-DB
Date added June 17, 2019
Description Spring Security OAuth - Open Redirector
Ransomware campaign use Unknown
Source publication date June 17, 2019
Exploit type webapps
Platform java
Source update date June 17, 2019
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at http://packetstormsecurity.com/files/153299/Spring-Security-OAuth-2.3-Open-Redirection.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11269.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-11269
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://pivotal.io/security/cve-2019-11269
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://www.oracle.com/security-alerts/cpujan2021.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.91193
EPSS Score 0.06347
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:25:21.755808+00:00 GHSA Importer Import https://github.com/advisories/GHSA-mmf6-6597-3v6m 38.6.0