Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:8761
HistoryDec 14, 2022 - 1:14 p.m.

(RHSA-2022:8761) Moderate: Red Hat support for Spring Boot 2.7.2 update

2022-12-1413:14:18
access.redhat.com
18

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

71.0%

JSON

Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.

This release of Red Hat support for Spring Boot 2.7.2 serves as a replacement for Red Hat support for Spring Boot 2.5.12, and includes security, bug fixes and enhancements. For more information, see the release notes listed in the References section.

Security Fix(es):

  • reactor-netty: specific redirect configuration allows for a credentials leak (CVE-2020-5404)

  • kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178)

  • protobuf-java: potential DoS in the parsing procedure for binary data (CVE-2021-22569)

  • undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629) (CVE-2022-1259)

  • undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)

  • spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

ubuntucve 5
veracode 8
prion 7
cve 7
redhatcve 7
debiancve 5
osv 15
nessus 26
redhat 35
spring 1
ibm 43
github 6
cgr 1
wolfi 1
broadcom 1
openvas 7
githubexploit 1
f5 2
atlassian 1
ics 1
thn 1
ubuntu 1
cert 1
suse 1
debian 1
rapid7blog 1
checkpoint_security 1
oracle 6
ubuntucve
ubuntucve
CVE-2022-1259
2022-08-31 00:00:00
CVE-2021-22569
2022-01-10 00:00:00
CVE-2022-22950
2022-04-01 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-10-05 22:30:11
Denial Of Service (DoS)
2022-04-07 12:06:55
Denial Of Service (DoS)
2022-06-01 09:52:03
prion
prion
Design/Logic Flaw
2022-08-31 16:15:00
Race condition
2022-04-01 23:15:00
Code injection
2022-01-10 14:10:00
cve
cve
CVE-2022-1259
2022-08-31 16:15:00
CVE-2022-22950
2022-04-01 23:15:00
CVE-2021-22569
2022-01-10 14:10:00
redhatcve
redhatcve
CVE-2022-1259
2022-04-06 13:21:25
CVE-2021-22569
2022-01-12 23:32:15
CVE-2022-22950
2022-03-28 21:07:31
debiancve
debiancve
CVE-2022-1259
2022-08-31 16:15:00
CVE-2022-22950
2022-04-01 23:15:00
CVE-2021-22569
2022-01-10 14:10:00
osv
osv
CVE-2022-1259
2022-08-31 16:15:09
CVE-2022-22950
2022-04-01 23:15:13
skylot jadx affected by Incorrect Behavior Order in vulnerable dependency
2022-07-21 22:35:12
nessus
nessus
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.7 Security update (Important) (RHSA-2022:6822)
2022-10-10 00:00:00
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.7 Security update (Important) (RHSA-2022:6821)
2022-10-10 00:00:00
RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.7 Security update (Important) (RHSA-2022:6823)
2022-10-10 00:00:00
redhat
redhat
(RHSA-2022:6825) Important: Red Hat JBoss Enterprise Application Platform 7.4.7 Security update
2022-10-05 16:33:49
(RHSA-2022:6823) Important: Red Hat JBoss Enterprise Application Platform 7.4.7 Security update
2022-10-05 16:24:30
(RHSA-2022:6822) Important: Red Hat JBoss Enterprise Application Platform 7.4.7 Security update
2022-10-05 16:24:18
spring
spring
CVE report published for Spring Framework
2022-03-28 08:00:00
ibm
ibm
Security Bulletin: A VMWare Tanzu Spring Vulerability Affects IBM OpenPages with Watson (CVE-2022-22950)
2023-07-28 16:47:11
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service, caused by improper input validation with Spring Framework (CVE-2022-22950).
2023-01-12 21:59:00
Security Bulletin: IBM Planning Analytics Workspace is affected by multiple vulnerabilities (CVE-2022-22950, XFID:217968)
2022-05-13 17:08:13
github
github
Allocation of Resources Without Limits or Throttling in Spring Framework
2022-04-03 00:01:00
skylot jadx affected by Incorrect Behavior Order in vulnerable dependency
2022-07-21 22:35:12
A potential Denial of Service issue in protobuf-java
2022-01-07 22:31:44
cgr
cgr
CVE-2021-22569 vulnerabilities
2024-04-26 03:19:48
wolfi
wolfi
CVE-2021-22569 vulnerabilities
2024-04-26 03:16:27
broadcom
broadcom
Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL
2023-08-29 00:00:00
openvas
openvas
VMware Spring Framework < 5.2.20, 5.3.x < 5.3.17 DoS Vulnerability - Linux
2022-04-06 00:00:00
VMware Spring Framework < 5.2.20, 5.3.x < 5.3.17 DoS Vulnerability - Windows
2022-04-06 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3922-1)
2022-11-10 00:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Google Protobuf-Kotlin
2022-01-13 03:33:54
f5
f5
K000133686 : protobuf-java vulnerability CVE-2021-22569
2023-04-27 00:00:00
K11510688 : Spring Framework (Spring4Shell) and Spring Cloud vulnerabilities CVE-2022-22965, CVE-2022-22950, and CVE-2022-22963
2022-03-31 00:00:00
atlassian
atlassian
com.google.protobuf:protobuf-java Vulnerability in Jira Service Management Data Center and Server
2023-10-09 01:44:41
ics
ics
Hitachi Energy Lumada Asset Performance Management Prognostic Model Executor Service
2022-10-13 12:00:00
thn
thn
Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security
2022-03-31 05:52:00
ubuntu
ubuntu
Protocol Buffers vulnerabilities
2023-03-13 00:00:00
cert
cert
Spring Framework insecurely handles PropertyDescriptor objects with data binding
2022-03-31 00:00:00
suse
suse
Security update for protobuf (important)
2022-11-09 00:00:00
debian
debian
[SECURITY] [DLA 3393-1] protobuf security update
2023-04-18 07:12:21
rapid7blog
rapid7blog
Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965)
2022-03-30 22:33:54
checkpoint_security
checkpoint_security
Check Point Response to Spring Vulnerabilities CVE-2022-22963, CVE-2022-22946, CVE-2022-22947, CVE-2022-22965 (Spring4Shell) and CVE-2022-22950
2022-03-30 21:41:02
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

71.0%

JSON
Related for RHSA-2022:8761
ubuntucve5veracode8prion7cve7redhatcve7debiancve5osv15nessus26redhat35spring1ibm43github6cgr1wolfi1broadcom1openvas7githubexploit1f52atlassian1ics1thn1ubuntu1cert1suse1debian1rapid7blog1checkpoint_security1oracle6