CVE-2021-22118 - Exposure of Resource to Wrong Sphere vulnerability in multiple products

CVSS 7.8 - HIGH
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: local, low complexity, vmware, oracle, netapp, CWE-668

Summary

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

Vulnerable Configurations

Part         Description  Count
Application  Vmware       31
Application  Oracle       168
Application  Netapp       2

Common Weakness Enumeration (CWE)