Lucene search
K

18 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2022-22968

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitiv...

5.3CVSS6.7AI score0.05666EPSS
Exploits2References3
Github Security Blog
Github Security Blog
added 2024/10/18 6:30 a.m.159 views

Spring Framework DataBinder Case Sensitive Match Exception

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...

5.3CVSS6.6AI score0.00631EPSS
Exploits1References6Affected Software2
NVD
NVD
added 2024/10/18 6:15 a.m.50 views

CVE-2024-38820

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...

5.3CVSS0.00631EPSS
Exploits1References2
OSV
OSV
added 2024/10/18 5:39 a.m.64 views

CVE-2024-38820 CVE-2024-38820: Spring Framework DataBinder Case Sensitive Match Exception

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...

3.1CVSS6.7AI score0.00631EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2024/10/18 5:39 a.m.31 views

CVE-2024-38820

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...

5.3CVSS6.2AI score0.00631EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 6:35 p.m.170 views

K35802610: Multiple MySQL vulnerabilities CVE-2022-21569, CVE-2022-21824, CVE-2022-22968, CVE-2022-27778

Security Advisory Description CVE-2022-21569 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocol...

8.2CVSS5.9AI score0.21514EPSS
Exploits3
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/09 6:38 p.m.179 views

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

8.1CVSS8.1AI score0.0714EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/29 2:18 a.m.46 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Spring Framework

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Spring Framework. Vulnerability Details CVEID: CVE-2022-22971 DESCRIPTION: Vmware Tanzu Spring Framework is vulnerable to a denial of service, caused by a flaw with a STOMP over WebSocket endpoint. By sending...

6.5CVSS1.1AI score0.05666EPSS
Exploits3Affected Software1
RedHat Linux
RedHat Linux
added 2022/06/16 2:52 p.m.282 views

Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.10.0 release and security update

Red Hat AMQ Broker 7.10.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.1CVSS7AI score0.05666EPSS
Exploits6References10
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/10 5:17 a.m.55 views

Security Bulletin: Due to use of Spring Framework, IBM Db2 Web Query for i is vulnerable to unprotected fields (CVE-2022-22968), remote code execution (CVE-2022-22965), and denial of service (CVE-2022-22950).

Summary There are multiple vulnerabilities in Spring Framework CVE-2022-22968, CVE-2022-22965, and CVE-2022-22950 as described in the vulnerability details section. Spring Framework v5.3.8 is used by Db2 Web Query for i for infrastructure support. IBM has addressed the vulnerabilities in Db2 Web...

9.8CVSS9.4AI score0.99677EPSS
Exploits105Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/01 7:16 a.m.41 views

Security Bulletin: IBM Common Licensing is vulnerable by a remote code attack in Spring Framework (CVE-2021-22096,CVE-2021-22060,CVE-2022-22950,CVE-2022-22968)

Summary IBM Common Licensing is vulnerable to a remote code execution in Spring Framework CVE-2021-22096,CVE-2021-22060,CVE-2022-22950,CVE-2022-22968 as it does have Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. The fix includes Spring Framework version 5.3.19...

6.5CVSS1.6AI score0.35834EPSS
Exploits2Affected Software1
GithubExploit
GithubExploit
added 2022/05/12 6:25 p.m.909 views

Exploit for Improper Handling of Case Sensitivity in Vmware Spring_Framework

spring-rce-poc Testing CVE-2022-22968 Simple app vulnerable...

5.3CVSS6.4AI score0.05666EPSS
Exploits2
Circl
Circl
added 2022/04/15 12:23 a.m.2 views

CVE-2022-22968

creationtimestamp| type| source ---|---|--- 2022-04-15 00:23:46+00:00| seen| https://t.me/cibsecurity/40833 2022-05-12 18:30:04+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/2177 2022-05-13 02:27:01+00:00| published-proof-of-concept| https://t.me/BlueRedTeam/2071 2024-10-18...

5.3CVSS6.5AI score0.05666EPSS
Exploits2References4
vulnersOsv
vulnersOsv
added 2022/04/15 12:0 a.m.5 views

africa.absa:inception-api (>=1.1.0 <=1.2.0), africa.absa:inception-application (>=1.1.0 <=1.2.0) +10774 more potentially affected by CVE-2022-22968 via org.springframework:spring-context (>=5.3.0 <=5.3.18)

org.springframework:spring-context MAVEN version =5.3.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.2.0 and more Source cves: CVE-2022-22968 Source advisory: OSV:GHSA-G5MM-VMX4-3RG7...

5.3CVSS6.7AI score0.05666EPSS
Exploits2
UbuntuCve
UbuntuCve
added 2022/04/14 9:15 p.m.55 views

CVE-2022-22968

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...

5.3CVSS6.8AI score0.05666EPSS
Exploits2References2
CVE
CVE
added 2022/04/14 8:5 p.m.301 views

CVE-2022-22968

CVE-2022-22968 affects Spring Framework where DataBinder’s disallowedFields patterns are case sensitive in versions 5.3.0–5.3.18, 5.2.0–5.2.20, and older unsupported releases. The issue means a field is not fully protected unless every first character (and nested path) is listed in both uppercase...

5.3CVSS5.4AI score0.05666EPSS
Exploits2References3Affected Software1
RedhatCVE
RedhatCVE
added 2022/04/14 8:54 a.m.302 views

CVE-2022-22968

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...

5.3CVSS3.7AI score0.05666EPSS
Exploits2References4
Spring Security Advisories
Spring Security Advisories
added 2022/04/13 1:0 p.m.1041 views

Spring Framework Data Binding Rules Vulnerability (CVE-2022-22968)

Table of Contents Overview Does This Affect My Application? Reassessing Your Data Binding Approach Overview While investigating the Spring Framework RCE vulnerability CVE-2022-22965 and the suggested workaround, we realized that the disallowedFields configuration setting on WebDataBinder is not...

7.5CVSS0.9AI score0.99677EPSS
Exploits105
Rows per page
Query Builder