Vulnerabilities > CVE-2021-22044 - Exposure of Resource to Wrong Sphere vulnerability in VMWare Spring Cloud Openfeign

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
vmware
CWE-668

Summary

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping`annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to `@RequestMapping`-annotated interface methods.

Vulnerable Configurations

Part Description Count
Application
Vmware
1

Common Weakness Enumeration (CWE)