Design/Logic Flaw

2022-01-1014:10:00

PRIOn knowledge base

www.prio-n.com

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

5.2 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

20.4%

JSON

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.

CPENameOperatorVersion
communications_cloud_native_core_consoleeq1.9.0
communications_cloud_native_core_service_communication_proxyeq1.15.0
spring_frameworkge5.3.0
spring_frameworkle5.3.13
spring_frameworkge5.2.0
spring_frameworkle5.2.18

Name	Operator	Version
communications_cloud_native_core_console	eq	1.9.0
communications_cloud_native_core_service_communication_proxy	eq	1.15.0
spring_framework	ge	5.3.0
spring_framework	le	5.3.13
spring_framework	ge	5.2.0
spring_framework	le	5.2.18