Lucene search
K

12 matches found

GithubExploit
GithubExploit
added 2024/11/19 9:36 p.m.474 views

Exploit for Allocation of Resources Without Limits or Throttling in Vmware Spring_Framework

Spring CVE-2022-22970 Proof of Concept This repo contains...

5.3CVSS6.8AI score0.01978EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/10 8:5 p.m.105 views

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to denial of service due to Spring Framework (CVE-2022-22970)

Summary IBM Sterling B2B Integrator has addressed the denial of service security vulnerability in Spring Framework shipped with the product. Vulnerability Details CVEID:CVE-2022-22970 DESCRIPTION: Vmware Tanzu Spring Framework is vulnerable to a denial of service, caused by a flaw in the handling...

5.3CVSS6.9AI score0.01978EPSS
Exploits1Affected Software1
Atlassian
Atlassian
added 2023/02/03 5:50 a.m.58 views

Jira Server/DC impacted by CVE-2022-22970 & CVE-2022-22971 via vulnerable version of Spring framework

Jira is not impacted no action is required as the vulnerability +cannot be exploited+. All Jira versions below 9.6 uses an affected version of Spring Framework, reason why the JRASERVER-74776 was published, however Jira +does not use the affected methods from the Spring+, hence +is not impacted+:...

6.5CVSS6.2AI score0.03126EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/09 6:38 p.m.179 views

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

8.1CVSS8.1AI score0.0714EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/14 10:39 p.m.62 views

Security Bulletin: IBM Sterling Control Center is vulnerable to denial of servicedue to Spring Framework (CVE-2022-22970)

Summary Spring Framework is vulnerable to a denial of service, caused by a flaw in the handling of file uploads. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. IBM Sterling Control Center uses Spring...

6.8AI score0.01978EPSS
Exploits1Affected Software1
Atlassian
Atlassian
added 2022/09/14 6:31 a.m.75 views

Synchrony Proxy: spring-beans 5.3.19 is vulnerable to CVE-2022-22970

h3. Issue Summary spring-beans is vulnerable to CVE-2022-22970 This is reproducible on Data Center: yes h3. Steps to Reproduce Install Confluence 7.13.9 Step 2 h3. Expected Results Expect that synchrony-proxy/WEB-INF/lib contains spring-beans-5.3.20.jar or higher h3. Actual Results...

5.3CVSS6.2AI score0.01978EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/25 7:50 a.m.77 views

Security Bulletin: IBM Common Licensing is vulnerable by a remote code attack in Spring Framework and Apache Commons(CVE-2022-22970,CVE-2022-22971,CVE-2022-33980)

Summary IBM Common Licensing is vulnerable to a remote code execution in Spring Framework CVE-2022-22970,CVE-2022-22971 as it does have Spring Framework versions 5.3.0 to 5.3.20, 5.2.0 to 5.2.22, and older versions. IBM Common Licensing is vulnerable to a remote code execution in Apache Commons...

9.8CVSS8.9AI score0.42646EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/29 2:18 a.m.46 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Spring Framework

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Spring Framework. Vulnerability Details CVEID: CVE-2022-22971 DESCRIPTION: Vmware Tanzu Spring Framework is vulnerable to a denial of service, caused by a flaw with a STOMP over WebSocket endpoint. By sending...

6.5CVSS1.1AI score0.05666EPSS
Exploits3Affected Software1
Circl
Circl
added 2022/05/13 12:42 a.m.9 views

CVE-2022-22970

creationtimestamp| type| source ---|---|--- 2022-05-13 00:42:25+00:00| seen| https://t.me/cibsecurity/42562 2024-01-28 03:57:04+00:00| seen| https://t.me/arpsyndicate/3193...

5.3CVSS6.6AI score0.01978EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2022/05/13 12:0 a.m.7 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +41159 more potentially affected by CVE-2022-22970 via org.springframework:spring-beans (>=1.2 <=5.2.21.RELEASE)

org.springframework:spring-beans MAVEN version =1.2, =1.1, =1.3, =0.0.1, =4.4.0.0, =0.1.12, =0.1.6, =0.1.8, =0.1.6, =0.1.2, =0.0.6, =0.0.11, =0.0.16, =0.0.1, =0.0.51 and more Source cves: CVE-2022-22970 Source advisory: OSV:GHSA-HH26-6XWR-GGV7...

5.3CVSS6.7AI score0.01978EPSS
Exploits1
OSV
OSV
added 2022/05/12 8:15 p.m.3 views

DEBIAN-CVE-2022-22970

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object...

5.3CVSS6.7AI score0.01978EPSS
Exploits1References1
CVE
CVE
added 2022/05/12 7:28 p.m.452 views

CVE-2022-22970

CVE-2022-22970 is described in IBM and related bulletins as a Spring Framework DoS via data binding of file-upload types (MultipartFile/javax.servlet.Part) when running on affected Spring Framework versions. The root cause involves binding such fields to model objects, enabling resource-exhaustio...

5.3CVSS5.6AI score0.01978EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder