CVE-2011-2731

medium

Description

Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.

References

http://www.securitytracker.com/id/1029151

http://support.springsource.com/security/cve-2011-2731

http://secunia.com/advisories/55155

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814

Details

Source: Mitre, NVD

Published: 2012-12-05

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 5.6

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Severity: Medium

EPSS

EPSS: 0.00295