[mitreid-connect] Security Status | OpenID-Connect-Java-Spring-Server | CVE-2021-26715

Pereira Roque Lino, Jose Eduardo jose.roque_lino at siemens.com
Mon Sep 6 11:31:21 EDT 2021


Dear MITREid Connect,

I'm reaching out as a member of the Siemens Vulnerability Monitoring (SVM)
team, responsible for informing Siemens customers and employees about
vulnerabilities affecting third-party components. We focus in vulnerability
analysis and reply mostly on public available information, without
reproducing reported exploits.

We are currently investigating a vulnerability with assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2021-26715. Further
details on the vulnerability can be found in this link
https://nvd.nist.gov/vuln/detail/CVE-2021-26715.

It is unclear to us, whether the vulnerability has been addressed in the
corresponding product:
• OpenID-Connect-Java-Spring-Server:
https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server

Could you please shortly elaborate whether there are plans to publish a
release, which includes the fix, and when is the expected release date? This
information would help us to inform our users accordingly.

With best regards,
José Lino

Siemens S.A.
CYS DEF EU2
Rua Irmaos Siemens, 1
2720-093 Amadora, Portugal 
 <mailto:jose.roque_lino at siemens.com> mailto:jose.roque_lino at siemens.com

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/mitreid-connect/attachments/20210906/6fb1a9e9/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 14975 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/mitreid-connect/attachments/20210906/6fb1a9e9/attachment-0001.bin


More information about the mitreid-connect mailing list