CVE-2021-22096

Description

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

Risk Information

Base Score: 4.3 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS Score (Exploitation Probability): 0.221

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2021-22096 are fixed in spring 5.2.18 | Windows
Vulnerabilities CVE-2021-22096 are fixed in spring 5.3.11 | Windows
Vulnerabilities CVE-2021-22096 are fixed in Springframework-core 5.3.11 | Windows
Vulnerabilities CVE-2021-22096 are fixed in Springframework-core 5.2.18 | Windows
Multiple Vulnerabilities are affected in Netapp Active Iq Unified Manager 2.3 | Windows
Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 10.15 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.4.0 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.4.1 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.4.2 | Windows
Multiple Vulnerabilities are affected in Netapp Snapcenter 2.3 | Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.6 | Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.0.5 | Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.1.1 | Windows
Multiple Vulnerabilities are affected in IBM Tivoli Application Dependency Discovery Manager 7.3.0.9 | Windows
Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 10.11 | Windows
Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 11.1 | Windows
Vulnerabilities CVE-2021-22096 are fixed in spring for Linux 5.2.18 | Linux
Vulnerabilities CVE-2021-22096 are fixed in spring for Linux 5.3.11 | Linux
Vulnerabilities CVE-2021-22096 are fixed in Springframework-core for Linux 5.3.11 | Linux
Vulnerabilities CVE-2021-22096 are fixed in Springframework-core for Linux 5.2.18 | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234