
CVE-2022-22968

Published: 14/04/2022 Updated: 19/10/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
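The following Java class is an added example, not code from the vulnerability record or from the Spring project, and it assumes the spring-beans and spring-context jars of an affected 5.3.x/5.2.x release on the classpath. The `Account` and `Settings` beans and their field names are hypothetical. It places the weak denylist (lower-case first characters only) beside the pattern list the summary calls for (both cases of the first character, for the field and for every nested segment of the property path), and binds a constructed parameter map through `DataBinder` so a defender can check whether a privileged field is still reachable under each configuration.

```java
// Added example (not from the page): why a case-sensitive disallowedFields list
// on an affected Spring Framework version is incomplete, and the corrected list.
// Account/Settings are hypothetical form-backing beans.
import java.util.Arrays;
import java.util.Map;

import org.springframework.beans.MutablePropertyValues;
import org.springframework.validation.DataBinder;

public class DisallowedFieldsCheck {

    /** Hypothetical form-backing bean with a privileged flag at two levels. */
    public static class Account {
        private String name;
        private boolean admin;
        private Settings settings = new Settings();

        public String getName() { return name; }
        public void setName(String name) { this.name = name; }
        public boolean isAdmin() { return admin; }
        public void setAdmin(boolean admin) { this.admin = admin; }
        public Settings getSettings() { return settings; }
        public void setSettings(Settings settings) { this.settings = settings; }
    }

    public static class Settings {
        private boolean admin;

        public boolean isAdmin() { return admin; }
        public void setAdmin(boolean admin) { this.admin = admin; }
    }

    /** Weak denylist: only the lower-case spelling of each protected path. */
    static void weakDenylist(DataBinder binder) {
        binder.setDisallowedFields("admin", "settings.admin");
    }

    /**
     * Denylist that is effective on affected versions: both cases of the first
     * character, for the field itself and for each nested segment of the path.
     */
    static void hardenedDenylist(DataBinder binder) {
        binder.setDisallowedFields(
                "admin", "Admin",
                "settings.admin", "settings.Admin",
                "Settings.admin", "Settings.Admin");
    }

    /**
     * Binds one request-style parameter map with the chosen denylist and returns
     * true if a privileged flag was applied to the target, i.e. not protected.
     */
    static boolean privilegedFieldBound(boolean hardened, Map<String, Object> params) {
        Account target = new Account();
        DataBinder binder = new DataBinder(target);
        if (hardened) {
            hardenedDenylist(binder);
        } else {
            weakDenylist(binder);
        }
        binder.bind(new MutablePropertyValues(params));
        // Fields rejected by the denylist are reported here; bound ones are not.
        System.out.println("suppressed: "
                + Arrays.toString(binder.getBindingResult().getSuppressedFields()));
        return target.isAdmin() || target.getSettings().isAdmin();
    }

    public static void main(String[] args) {
        // Constructed parameters: the protected properties with a capitalised
        // first character, which bean introspection still resolves to admin/settings.
        Map<String, Object> params =
                Map.of("name", "alice", "Admin", "true", "settings.Admin", "true");

        // On an affected version the weak list lets both flags through; with the
        // hardened list, or on a release after the affected ranges, neither binds.
        System.out.println("weak denylist, privileged field bound: "
                + privilegedFieldBound(false, params));
        System.out.println("hardened denylist, privileged field bound: "
                + privilegedFieldBound(true, params));
    }
}
```

In a web application the same `setDisallowedFields` call belongs in an `@InitBinder` method (typically on a `@ControllerAdvice`) so it applies to every `WebDataBinder`; the check above is a way to confirm, against the exact Spring version deployed, that each denylist entry really suppresses the capitalised spelling as well. Upgrading past the affected ranges listed in the summary removes the need to enumerate both spellings.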

Vulnerable Products

vmware spring framework
netapp snap creator framework
netapp snapmanager
netapp active iq unified manager
netapp metrocluster tiebreaker
netapp cloud secure agent
oracle mysql enterprise monitor

Vendor Advisories

Synopsis Important: Red Hat AMQ Broker 7.10.0 release and security update Type/Severity Security Advisory: Important Topic Red Hat AMQ Broker 7.10.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis Important: Red Hat Fuse 7.11.0 release and security update Type/Severity Security Advisory: Important Topic A minor version update (from 7.10 to 7.11) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update ...
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first chara ...
Multiple vulnerabilities have been found in Hitachi Ops Center Common Services CVE-2020-36518, CVE-2021-43797, CVE-2022-0839, CVE-2022-22968 Affected products and versions are listed below Please upgrade your version to the appropriate version ...
Multiple vulnerabilities have been found in Hitachi Ops Center Common Services CVE-2019-10172, CVE-2020-27218, CVE-2021-4133, CVE-2021-22060, CVE-2021-22096, CVE-2021-30468, CVE-2021-37136, CVE-2021-37137, CVE-2021-37714, CVE-2021-40690, CVE-2021-42575, CVE-2022-22968 Affected products and versions are listed below Please upgrade your version ...

Github Repositories

spring-rce-poc: Testing CVE-2022-22968

Simple app vulnerable to CVE-2022-22968. The Dockerfile can be used to build it on a vulnerable version of Tomcat (9.0.59). exploit.sh is a shell script which tries to exploit this CVE on port 8080 of localhost. If the attack with exploit.sh was successful, shell.jsp in the context of localhost:8080 on the target app should be accessible.