Vulnerabilities > CVE-2021-22047 - Exposure of Resource to Wrong Sphere vulnerability in VMWare Spring Data Rest

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

vmware

CWE-668

NVD

Published: 2021-10-28

Updated: 2021-11-01

Summary

In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Spring Data Rest *	1

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://tanzu.vmware.com/security/cve-2021-22047