CVE-2022-22970

Description

In Spring Framework versions prior to 5.3.20 and 5.2.22, and in old unsupported versions, applications that handle file uploads are vulnerable to a DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.

Risk Information

Base Score: 5.3 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 0.187

Associated Vulnerability

Vulnerability | OS Platform
CVE-2022-22970 is fixed in spring-beans 5.2.22 | Windows
CVE-2022-22970 is fixed in spring-beans 5.3.20 | Windows
Multiple vulnerabilities affect NetApp Active IQ Unified Manager 2.3 | Windows
Multiple vulnerabilities affect NetApp OnCommand Insight 2.3 | Windows
Multiple vulnerabilities affect IBM Sterling B2B Integrator 6.1.0.5 | Windows
Multiple vulnerabilities affect IBM Sterling B2B Integrator 6.0.3.7 | Windows
Multiple vulnerabilities affect IBM Sterling B2B Integrator 6.1.1.2 | Windows
CVE-2022-22970 is fixed in spring-beans for Linux 5.2.22 | Linux
CVE-2022-22970 is fixed in spring-beans for Linux 5.3.20 | Linux

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234