exploitDog

CVE-2022-22970

Published: May 12, 2022
Source: nvd
CVSS3: 5.3
CVSS2: 3.5
EPSS: Low

Description

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
Versions up to 5.2.21 (inclusive)
cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
Versions from 5.3.0 (inclusive) to 5.3.19 (inclusive)
Configuration 2

One of

cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*
Configuration 3

One of

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

EPSS

Percentile: 52%
0.00288
Low

5.3 Medium

CVSS3

3.5 Low

CVSS2

Weaknesses

CWE-770

Related vulnerabilities

CVSS3: 5.3
ubuntu
about 3 years ago

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.

CVSS3: 5.3
redhat
about 3 years ago

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.

CVSS3: 5.3
debian
about 3 years ago

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupp ...

CVSS3: 7.5
github
about 3 years ago

Denial of service in Spring Framework
