Vulnerability lake

To find CVE, enter it here

You may use syntax like CVE-2021-25322

CVE-2021-22096

Description

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

Severity

CVSS Version 3.x

Base score: 4.3 Exploit score: 2.8 Impact score: 1.4

Base Score (vectoral): CVSS:3.1 - AV:N - AC:L - PR:L - UI:N - S:U - C:N - I:L - A:N

CVSS Version 2.0

Base score: 4 Exploit score: 8 Impact score: 2.9

Base Score (vectoral): CVSS:2.0 - AV:N - AC:L - Au:S - C:N - I:P - A:N

Weakness Enumeration

NVD-CWE-Other

Change History

Last Modified: Apr 28, 2022

Known Affected Software Configurations

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*

cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:metrocluster_tiebreaker:-:*:*:*:*:clustered_data_ontap:*:*

cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*

References to Advisories, Solutions, and Tools

[MISC] https://tanzu.vmware.com/security/cve-2021-22096 Vendor Advisory

[CONFIRM] https://security.netapp.com/advisory/ntap-20211125-0005/ Third Party Advisory

[MISC] https://www.oracle.com/security-alerts/cpuapr2022.html Third Party Advisory