CVE-2021-22118

Published: 27/05/2021 Updated: 25/10/2022
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In Spring Framework, versions 5.2.x before 5.2.15 and versions 5.3.x before 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

Vulnerable Product

vmware spring framework

oracle retail order broker 16.0

oracle retail predictive application server 15.0.3

oracle enterprise data quality 12.2.1.3.0

oracle retail assortment planning 16.0

oracle retail financial integration 16.0.3

oracle communications network integrity 7.3.6

oracle retail integration bus 16.0.3

oracle insurance rules palette 11.0.2

oracle insurance rules palette 11.1.0

oracle commerce guided search 11.3.2

oracle communications element manager

oracle communications interactive session recorder 6.4

oracle communications unified inventory management 7.4.1

oracle documaker

oracle enterprise data quality 12.2.1.4.0

oracle healthcare data repository 8.1.0

oracle insurance policy administration

oracle mysql enterprise monitor

oracle retail customer management and segmentation foundation

oracle communications brm - elastic charging engine 12.0.0.3

oracle communications session report manager

oracle communications session route manager

oracle retail financial integration 14.1.3.2

oracle retail integration bus 14.1.3.2

oracle retail integration bus 15.0.3.1

oracle retail merchandising system 19.0.1

oracle retail predictive application server 14.1.3

oracle communications cloud native core binding support function 1.9.0

oracle communications cloud native core policy 1.14.0

oracle communications cloud native core security edge protection proxy 1.6.0

oracle communications cloud native core service communication proxy 1.14.0

oracle communications cloud native core unified data repository 1.14.0

oracle communications unified inventory management 7.4.2

oracle communications unified inventory management 7.5.0

oracle financial services analytical applications infrastructure

oracle insurance rules palette 11.2.7

oracle insurance rules palette 11.3.0

oracle insurance rules palette 11.3.1

oracle retail financial integration 15.0.3.1

oracle retail predictive application server 16.0.3

oracle utilities testing accelerator 6.0.0.1.1

oracle utilities testing accelerator 6.0.0.2.2

oracle utilities testing accelerator 6.0.0.3.1

oracle communications diameter intelligence hub

netapp hci -

netapp management services for element software -

Vendor Advisories

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with m ...