CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile: 39.8%
Past versions of TERASOLUNA Global Framework and TERASOLUNA Server Framework for Java (Rich) contain a ClassLoader manipulation vulnerability because they use an old version of Spring Framework that contains the vulnerability.
According to the developer, this vulnerability is caused by an improper input validation issue (CWE-20) in the binding mechanism of Spring MVC.
If the application processes a specially crafted file, arbitrary code may be executed with the privileges of the application.
Update the software
Update the software to the latest version according to the information provided by the developer.
Note that additional workarounds may be required depending on the system environment.
For more information, refer to the information provided by the developer.
Apply the Workaround
If an update cannot be applied, the developer recommends that users apply the workaround.
For more information, refer to the information provided by the developer.