Lucene search
K

7 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/03/22 4:5 p.m.33 views

Security Bulletin: Vulnerability in Spring Data MongoDB might affect IBM Storage Copy Data Management. [CVE-2022-22980]

Summary IBM Storage Copy Data Management can be affected by a vulnerability in Spring Data MongoDB. A remote attacker could exploit this vulnerability to execute arbitrary code on the system as described by the CVEs in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2022-2298...

9.8CVSS9.6AI score0.16903EPSS
Exploits3Affected Software1
GithubExploit
GithubExploit
added 2022/07/13 2:7 p.m.10 views

Exploit for Expression Language Injection in Vmware Spring_Data_Mongodb

Springcve-2022-22980 spring data mongodb remote code executio...

9.8CVSS9AI score0.16903EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2022/06/24 12:0 a.m.7 views

cn.airfei.air-core:core (=3.0.0), com.alpactech:mt-mongo (=1.0.0) +40 more potentially affected by CVE-2022-22980 via org.springframework.data:spring-data-mongodb (=3.4.0)

org.springframework.data:spring-data-mongodb MAVEN version =3.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.data:spring-data-mongodb and may be impacted: - cn.airfei.air-core:core =3.0.0 - com.alpactech:mt-mongo =1.0.0 -...

9.8CVSS7.1AI score0.16903EPSS
Exploits3
ATTACKERKB
ATTACKERKB
added 2022/06/23 5:15 p.m.7 views

CVE-2022-22980

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized...

9.8CVSS7.2AI score0.16903EPSS
Exploits3References2
CVE
CVE
added 2022/06/22 1:56 p.m.783 views

CVE-2022-22980

CVE-2022-22980 is a SpEL injection flaw in Spring Data MongoDB where @Query/@Aggregation queries containing parameter placeholders can be exploited if input isn’t sanitized. Public advisories (VMware/Spring/TENABLE, IBM, Red Hat, OSV) confirm remote code execution risk and provide fixes: upgrade ...

9.8CVSS9.4AI score0.16903EPSS
Exploits3References1Affected Software1
GithubExploit
GithubExploit
added 2022/06/21 11:39 a.m.524 views

Exploit for Expression Language Injection in Vmware Spring_Data_Mongodb

CVE-2022-22980 A local based poc of CVE-2022-22980, for the d...

9.8CVSS8.5AI score0.16903EPSS
Exploits3
Spring Security Advisories
Spring Security Advisories
added 2022/06/20 12:39 p.m.146 views

Spring Data MongoDB SpEL Expression Injection Vulnerability (CVE-2022-22980)

Updates 06-20 CVE-2022-22980 is published 06-20 Spring Data MongoDB 3.4.1 and 3.3.5 are available Table of Contents Overview Vulnerability Am I Impacted Status Suggested Workarounds Overview We would like to announce that we have released Spring Data MongoDB 3.4.1 and 3.3.5 to address the followi...

6.8CVSS1.1AI score0.16903EPSS
Exploits3
Rows per page
Query Builder