[mitreid-connect] Security Status | OpenID-Connect-Java-Spring-Server | CVE-2021-26715
Pereira Roque Lino, Jose Eduardo
jose.roque_lino at siemens.com
Mon Sep 6 11:31:21 EDT 2021
Dear MITREid Connect,
I'm reaching out as a member of the Siemens Vulnerability Monitoring (SVM)
team, responsible for informing Siemens customers and employees about
vulnerabilities affecting third-party components. We focus in vulnerability
analysis and reply mostly on public available information, without
reproducing reported exploits.
We are currently investigating a vulnerability with assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2021-26715. Further
details on the vulnerability can be found in this link
https://nvd.nist.gov/vuln/detail/CVE-2021-26715.
It is unclear to us, whether the vulnerability has been addressed in the
corresponding product:
• OpenID-Connect-Java-Spring-Server:
https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
Could you please shortly elaborate whether there are plans to publish a
release, which includes the fix, and when is the expected release date? This
information would help us to inform our users accordingly.
With best regards,
José Lino
Siemens S.A.
CYS DEF EU2
Rua Irmaos Siemens, 1
2720-093 Amadora, Portugal
<mailto:jose.roque_lino at siemens.com> mailto:jose.roque_lino at siemens.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/mitreid-connect/attachments/20210906/6fb1a9e9/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 14975 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/mitreid-connect/attachments/20210906/6fb1a9e9/attachment-0001.bin
More information about the mitreid-connect
mailing list