In Spring Framework, versions 5.2.x before 5.2.15 and versions 5.3.x before 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

Vulnerable Product |
---|
vmware spring framework |
oracle retail order broker 16.0 |
oracle retail predictive application server 15.0.3 |
oracle enterprise data quality 12.2.1.3.0 |
oracle retail assortment planning 16.0 |
oracle retail financial integration 16.0.3 |
oracle communications network integrity 7.3.6 |
oracle retail integration bus 16.0.3 |
oracle insurance rules palette 11.0.2 |
oracle insurance rules palette 11.1.0 |
oracle commerce guided search 11.3.2 |
oracle communications element manager |
oracle communications interactive session recorder 6.4 |
oracle communications unified inventory management 7.4.1 |
oracle documaker |
oracle enterprise data quality 12.2.1.4.0 |
oracle healthcare data repository 8.1.0 |
oracle insurance policy administration |
oracle mysql enterprise monitor |
oracle retail customer management and segmentation foundation |
oracle communications brm - elastic charging engine 12.0.0.3 |
oracle communications session report manager |
oracle communications session route manager |
oracle retail financial integration 14.1.3.2 |
oracle retail integration bus 14.1.3.2 |
oracle retail integration bus 15.0.3.1 |
oracle retail merchandising system 19.0.1 |
oracle retail predictive application server 14.1.3 |
oracle communications cloud native core binding support function 1.9.0 |
oracle communications cloud native core policy 1.14.0 |
oracle communications cloud native core security edge protection proxy 1.6.0 |
oracle communications cloud native core service communication proxy 1.14.0 |
oracle communications cloud native core unified data repository 1.14.0 |
oracle communications unified inventory management 7.4.2 |
oracle communications unified inventory management 7.5.0 |
oracle financial services analytical applications infrastructure |
oracle insurance rules palette 11.2.7 |
oracle insurance rules palette 11.3.0 |
oracle insurance rules palette 11.3.1 |
oracle retail financial integration 15.0.3.1 |
oracle retail predictive application server 16.0.3 |
oracle utilities testing accelerator 6.0.0.1.1 |
oracle utilities testing accelerator 6.0.0.2.2 |
oracle utilities testing accelerator 6.0.0.3.1 |
oracle communications diameter intelligence hub |
netapp hci - |
netapp management services for element software - |