Vulnerabilities > CVE-2021-22096

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

vmware

netapp

oracle

NVD

Published: 2021-10-28

Updated: 2022-04-28

Summary

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Spring Framework 5.2.0 Vmware Spring Framework 5.2.1 Vmware Spring Framework 5.2.2 Vmware Spring Framework 5.2.3 Vmware Spring Framework 5.2.4 Vmware Spring Framework 5.2.5 Vmware Spring Framework 5.2.6 Vmware Spring Framework 5.2.7 Vmware Spring Framework 5.2.8 Vmware Spring Framework 5.2.9 Vmware Spring Framework 5.2.10 Vmware Spring Framework 5.2.11 Vmware Spring Framework 5.2.12 Vmware Spring Framework 5.2.13 Vmware Spring Framework 5.2.14 Vmware Spring Framework 5.2.15 Vmware Spring Framework 5.2.16 Vmware Spring Framework 5.2.17 Vmware Spring Framework 5.3.0 Vmware Spring Framework 5.3.1 Vmware Spring Framework 5.3.2 Vmware Spring Framework 5.3.3 Vmware Spring Framework 5.3.4 Vmware Spring Framework 5.3.5 Vmware Spring Framework 5.3.6 Vmware Spring Framework 5.3.7 Vmware Spring Framework 5.3.8 Vmware Spring Framework 5.3.9 Vmware Spring Framework 5.3.10	38
Application	Netapp Netapp Snap Creator Framework - Netapp Snapcenter - Netapp Active IQ Unified Manager - Netapp Management Services FOR Element Software AND Netapp HCI - Netapp Metrocluster Tiebreaker -	7
Application	Oracle Oracle Communications Cloud Native Core Console 1.9.0 Oracle Communications Cloud Native Core Service Communication Proxy 1.15.0	2

Vulnerabilities > CVE-2021-22096 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2021-22096"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2021-22096