Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-22968

Опубликовано: 14 апр. 2022
Источник: nvd
CVSS3: 5.3
CVSS2: 5
EPSS Средний

Описание

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
Версия до 5.2.0 (исключая)
cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
Версия от 5.2.0 (включая) до 5.2.20 (включая)
cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
Версия от 5.3.0 (включая) до 5.3.18 (включая)
Конфигурация 2

Одно из

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:metrocluster_tiebreaker:-:*:*:*:*:clustered_data_ontap:*:*
cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
Конфигурация 3
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
Версия до 8.0.29 (включая)

EPSS

Процентиль: 96%
0.22751
Средний

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-178

Связанные уязвимости

ubuntu логотип

CVE-2022-22968

CVSS3: 5.3
ubuntu
около 3 лет назад

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.

redhat логотип

CVE-2022-22968

CVSS3: 5.3
redhat
около 3 лет назад

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.

debian логотип

CVE-2022-22968

CVSS3: 5.3
debian
около 3 лет назад

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older ...

github логотип

GHSA-g5mm-vmx4-3rg7

CVSS3: 7.5
github
около 3 лет назад

Improper handling of case sensitivity in Spring Framework

EPSS

Процентиль: 96%
0.22751
Средний

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-178