5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
6 Medium
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
27.7%
The VMware Spring Framework is prone to a data binding rules
vulnerability.
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:vmware:spring_framework";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.113905");
script_version("2024-01-23T05:05:19+0000");
script_tag(name:"last_modification", value:"2024-01-23 05:05:19 +0000 (Tue, 23 Jan 2024)");
script_tag(name:"creation_date", value:"2022-04-19 10:56:39 +0000 (Tue, 19 Apr 2022)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-05-10 18:49:00 +0000 (Tue, 10 May 2022)");
script_cve_id("CVE-2022-22968");
script_name("VMware Spring Framework < 5.2.21, 5.3.x < 5.3.19 Data Binding Rules Vulnerability");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_vmware_spring_framework_consolidation.nasl");
script_mandatory_keys("vmware/spring/framework/detected");
script_xref(name:"URL", value:"https://tanzu.vmware.com/security/cve-2022-22968");
script_xref(name:"URL", value:"https://spring.io/blog/2022/04/13/spring-framework-data-binding-rules-vulnerability-cve-2022-22968");
script_tag(name:"summary", value:"The VMware Spring Framework is prone to a data binding rules
vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"In Spring Framework the patterns for disallowedFields on a
DataBinder are case sensitive which means a field is not effectively protected unless it is listed
with both upper and lower case for the first character of the field, including upper and lower
case for the first character of all nested fields within the property path.");
script_tag(name:"affected", value:"VMware Spring Framework versions prior to 5.2.21 and 5.3.x
prior to 5.3.19.
The following are the requirements for an environment to be affected to this specific
vulnerability:
- Registration of 'disallowed field patterns' in a 'DataBinder'
- spring-webmvc or spring-webflux dependency
- an affected version of the Spring Framework");
script_tag(name:"solution", value:"Update to version 5.2.21, 5.3.19 or later.");
# nb: See affected tag for specific constraints / requirements for being vulnerable.
script_tag(name:"qod_type", value:"executable_version_unreliable");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if( isnull( port = get_app_port( cpe:CPE ) ) )
exit( 0 );
if( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )
exit( 0 );
version = infos["version"];
location = infos["location"];
if( version_is_less( version:version, test_version:"5.2.21" ) ) {
report = report_fixed_ver( installed_version:version, fixed_version:"5.2.21/5.3.19", install_path:location );
security_message( port:port, data:report );
exit( 0 );
}
if( version_in_range_exclusive( version:version, test_version_lo:"5.3.0", test_version_up:"5.3.19" ) ) {
report = report_fixed_ver( installed_version:version, fixed_version:"5.3.19", install_path:location );
security_message( port:port, data:report );
exit( 0 );
}
exit( 99 );
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
6 Medium
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
27.7%