CVE-2022-22968

2022-04-14 00:00:00
ubuntu.com

CVSS3: 5.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS: 0.001 Low
Percentile: 27.0%

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older
unsupported versions, the patterns for disallowedFields on a DataBinder are
case sensitive, which means a field is not effectively protected unless it
is listed with both upper and lower case for the first character of the
field, including upper and lower case for the first character of all nested
fields within the property path.
