CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
17.1%
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
Vendor | Product | Version | CPE |
---|---|---|---|
vmware | spring_framework | * | cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:* |
oracle | commerce_guided_search | 11.3.2 | cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:* |
oracle | communications_brm_-_elastic_charging_engine | 12.0.0.3 | cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:* |
oracle | communications_cloud_native_core_binding_support_function | 1.9.0 | cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.9.0:*:*:*:*:*:*:* |
oracle | communications_cloud_native_core_policy | 1.14.0 | cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:* |
oracle | communications_cloud_native_core_security_edge_protection_proxy | 1.6.0 | cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.6.0:*:*:*:*:*:*:* |
oracle | communications_cloud_native_core_service_communication_proxy | 1.14.0 | cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:* |
oracle | communications_cloud_native_core_unified_data_repository | 1.14.0 | cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:* |
oracle | communications_diameter_intelligence_hub | * | cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:* |
oracle | communications_element_manager | * | cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:* |
security.netapp.com/advisory/ntap-20210713-0005/
tanzu.vmware.com/security/cve-2021-22118
www.oracle.com//security-alerts/cpujul2021.html
www.oracle.com/security-alerts/cpuapr2022.html
www.oracle.com/security-alerts/cpujan2022.html
www.oracle.com/security-alerts/cpujul2022.html
www.oracle.com/security-alerts/cpuoct2021.html
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
17.1%