Lucene search

[email protected]NVD:CVE-2021-22118

HistoryMay 27, 2021 - 3:15 p.m.

CVE-2021-22118

2021-05-2715:15:07

CWE-269

CWE-668

[email protected]

web.nvd.nist.gov

spring framework

webflux

privilege escalation

vulnerable

file upload

multipart request

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

17.1%

JSON

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

Affected configurations

Nvd

Node

vmwarespring_frameworkRange5.2.0–5.2.15

vmwarespring_frameworkRange5.3.0–5.3.7

Node

oraclecommerce_guided_searchMatch11.3.2

oraclecommunications_brm_-_elastic_charging_engineMatch12.0.0.3

oraclecommunications_cloud_native_core_binding_support_functionMatch1.9.0

oraclecommunications_cloud_native_core_policyMatch1.14.0

oraclecommunications_cloud_native_core_security_edge_protection_proxyMatch1.6.0

oraclecommunications_cloud_native_core_service_communication_proxyMatch1.14.0

oraclecommunications_cloud_native_core_unified_data_repositoryMatch1.14.0

oraclecommunications_diameter_intelligence_hubRange8.0.0–8.1.0

oraclecommunications_diameter_intelligence_hubRange8.2.0–8.2.3

oraclecommunications_element_managerRange8.2.0–8.2.4.0

oraclecommunications_interactive_session_recorderMatch6.4

oraclecommunications_network_integrityMatch7.3.6

oraclecommunications_session_report_managerRange8.0.0–8.2.4.0

oraclecommunications_session_route_managerRange8.0.0–8.2.4.0

oraclecommunications_unified_inventory_managementMatch7.4.1

oraclecommunications_unified_inventory_managementMatch7.4.2

oraclecommunications_unified_inventory_managementMatch7.5.0

oracledocumakerRange12.6.0–12.6.4

oracleenterprise_data_qualityMatch12.2.1.3.0

oracleenterprise_data_qualityMatch12.2.1.4.0

oraclefinancial_services_analytical_applications_infrastructureRange8.0.8–8.1.1

oraclehealthcare_data_repositoryMatch8.1.0

oracleinsurance_policy_administrationRange11.0–11.3.1

oracleinsurance_rules_paletteMatch11.0.2

oracleinsurance_rules_paletteMatch11.1.0

oracleinsurance_rules_paletteMatch11.2.7

oracleinsurance_rules_paletteMatch11.3.0

oracleinsurance_rules_paletteMatch11.3.1

oraclemysql_enterprise_monitorRange≤8.0.25

oracleretail_assortment_planningMatch16.0

oracleretail_customer_management_and_segmentation_foundationRange16.0–19.0

oracleretail_financial_integrationMatch14.1.3.2

oracleretail_financial_integrationMatch15.0.3.1

oracleretail_financial_integrationMatch16.0.3

oracleretail_integration_busMatch14.1.3.2

oracleretail_integration_busMatch15.0.3.1

oracleretail_integration_busMatch16.0.3

oracleretail_merchandising_systemMatch19.0.1

oracleretail_order_brokerMatch16.0

oracleretail_predictive_application_serverMatch14.1.3

oracleretail_predictive_application_serverMatch15.0.3

oracleretail_predictive_application_serverMatch16.0.3

oracleutilities_testing_acceleratorMatch6.0.0.1.1

oracleutilities_testing_acceleratorMatch6.0.0.2.2

oracleutilities_testing_acceleratorMatch6.0.0.3.1

Node

netapphciMatch-

netappmanagement_services_for_element_softwareMatch-

VendorProductVersionCPE
vmwarespring_framework*cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
oraclecommerce_guided_search11.3.2cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
oraclecommunications_brm_-_elastic_charging_engine12.0.0.3cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*
oraclecommunications_cloud_native_core_binding_support_function1.9.0cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.9.0:*:*:*:*:*:*:*
oraclecommunications_cloud_native_core_policy1.14.0cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
oraclecommunications_cloud_native_core_security_edge_protection_proxy1.6.0cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.6.0:*:*:*:*:*:*:*
oraclecommunications_cloud_native_core_service_communication_proxy1.14.0cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*
oraclecommunications_cloud_native_core_unified_data_repository1.14.0cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:*
oraclecommunications_diameter_intelligence_hub*cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*
oraclecommunications_element_manager*cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vmware	spring_framework	*	cpe:2.3:a:vmware:spring_framework::::::::
oracle	commerce_guided_search	11.3.2	cpe:2.3:a:oracle:commerce_guided_search:11.3.2:::::::*
oracle	communications_brm_-_elastic_charging_engine	12.0.0.3	cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:::::::*
oracle	communications_cloud_native_core_binding_support_function	1.9.0	cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.9.0:::::::*
oracle	communications_cloud_native_core_policy	1.14.0	cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:::::::*
oracle	communications_cloud_native_core_security_edge_protection_proxy	1.6.0	cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.6.0:::::::*
oracle	communications_cloud_native_core_service_communication_proxy	1.14.0	cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:::::::*
oracle	communications_cloud_native_core_unified_data_repository	1.14.0	cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:::::::*
oracle	communications_diameter_intelligence_hub	*	cpe:2.3:a:oracle:communications_diameter_intelligence_hub::::::::
oracle	communications_element_manager	*	cpe:2.3:a:oracle:communications_element_manager::::::::