5.3
CVE-2022-22970
- EPSS 0.18%
- Published 12.05.2022 20:15:15
- Last modified 21.11.2024 06:47:42
- Source security@vmware.com
- Teams watchlist Login
- Open Login
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
Data is provided by the National Vulnerability Database (NVD)
VMware ≫ Spring Framework Version <= 5.2.21
VMware ≫ Spring Framework Version >= 5.3.0 <= 5.3.19
Oracle ≫ Financial Services Crime And Compliance Management Studio Version8.0.8.2.0
Oracle ≫ Financial Services Crime And Compliance Management Studio Version8.0.8.3.0
Netapp ≫ Active Iq Unified Manager Version- SwPlatformlinux
Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere
Netapp ≫ Active Iq Unified Manager Version- SwPlatformwindows
Netapp ≫ Brocade San Navigator Version-
Netapp ≫ Cloud Secure Agent Version-
Netapp ≫ Oncommand Insight Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.405 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 1.6 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:N/A:P
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.