CVE-2021-22096

Опубликовано: 28 окт. 2021

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

Ссылки

https://security.netapp.com/advisory/ntap-20211125-0005/
Third Party Advisory
https://tanzu.vmware.com/security/cve-2021-22096
Vendor Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Third Party Advisory
https://security.netapp.com/advisory/ntap-20211125-0005/
Third Party Advisory
https://tanzu.vmware.com/security/cve-2021-22096
Vendor Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*

Версия от 5.2.0 (включая) до 5.2.17 (включая)

cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*

Версия от 5.3.0 (включая) до 5.3.10 (включая)

Конфигурация 2

Одно из

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*

cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:metrocluster_tiebreaker:-:*:*:*:*:clustered_data_ontap:*:*

cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.00159

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-117

NVD-CWE-Other

Связанные уязвимости

CVE-2021-22096

CVSS3: 4.3

ubuntu

больше 3 лет назад

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

CVE-2021-22096

CVSS3: 4.3

redhat

больше 3 лет назад

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

CVE-2021-22096

CVSS3: 4.3

debian

больше 3 лет назад

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older ...

GHSA-rfmp-97jj-h8m6

CVSS3: 4.3

github

около 3 лет назад

Improper Output Neutralization for Logs in Spring Framework

EPSS

Процентиль: 38%

0.00159

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-117

NVD-CWE-Other