Security Bulletin: A vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2022-22950, CVE-2021-22096, CVE-2022-22968, CVE-2021-22060).

Summary

Vulnerabilities in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2022-22950, CVE-2021-22096, CVE-2022-22968, CVE-2021-22060).

Vulnerability Details

CVEID:CVE-2022-22950
**DESCRIPTION:**VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/223096 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)

CVEID:CVE-2021-22096
**DESCRIPTION:**VMware Spring Framework could allow a remote attacker to bypass security restrictions. By sending a specially-crafted input, an attacker could exploit this vulnerability to cause the insertion of additional log entries.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212430 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2022-22968
**DESCRIPTION:**Spring Framework could provide weaker than expected security, caused by a data binding rules vulnerability in which the patterns for disallowedFields on a DataBinder are case sensitive. The case sensitivity allows that a field is insufficiently protected unless it is listed with both upper and lower case for the first character of the field. An attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224374 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2021-22060
**DESCRIPTION:**VMware Tanzu Spring Framework could allow a remote authenticated attacker to bypass security restrictions, caused by improper input validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to insert additional log entries.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217183 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Remediation/Fixes

In order to fix these vulnerabilities, Spring is to be upgraded to 5.3.19 version. The efix to resolve these vulnerabilities can only be applied on TADDM version 7.3.0.9 as per below given detailed steps. For customer at older TADDM Fixpack level (i.e., 7.3.0.8 or older), they need to first upgrade their TADDM environment to TADDM 7.3.0.9 level and then follow the step given below.

Detailed steps:

For TADDM 7.3.0.9, check if there is any previously applied eFixes in their TADDM environment.

1. If there is no prior efixes(ls -rlt etc/efix*) applied in their TADDM, then download the efix given in Table-1and apply the efix.
2. If there are existing efixes on TADDM (ls -rlt etc/efix*), please contact IBM Support and open a case for a custom version of the eFix as the efix involves TADDM code changes. Include the current eFix level (ls -rlt etc/efix*), TADDM version and a link to this bulletin in the Support Case

For any other TADDM fixpack level (i.e., 7.3.0.8 or older), to apply this bulletin, upgrade to TADDM 7.3.0.9 and then follow procedure as mentioned above for TADDM 7.3.0.9 .

Table-1

Fix|

VRMF

| APAR|How to acquire fix
—|—|—|—
efix_spring5.3.19_FP9211123.zip|

7.3.0.9

| None| Download eFix

Workarounds and Mitigations

None