CVE-2025-22216

{"id": "CVE-2025-22216", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2025-01-31T06:15:30.090", "references": [{"url": "https://www.cloudfoundry.org/blog/cve-2025-22216-uaa-missing-zone-validation/", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-384"}]}], "descriptions": [{"lang": "en", "value": "A UAA configured with multiple identity zones, does not properly validate session information across those zones. A User authenticated against a corporate IDP can re-use their jsessionid to access other zones."}, {"lang": "es", "value": "Un UAA configurado con m\u00faltiples zonas de identidad no valida correctamente la informaci\u00f3n de la sesi\u00f3n en esas zonas. Un usuario autenticado con un IDP corporativo puede reutilizar su jsessionid para acceder a otras zonas."}], "lastModified": "2025-01-31T18:15:38.247", "sourceIdentifier": "[email protected]"}