In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 05:49
Type | Values Removed | Values Added |
---|---|---|
References | () https://security.netapp.com/advisory/ntap-20210713-0005/ - Third Party Advisory | |
References | () https://tanzu.vmware.com/security/cve-2021-22118 - Third Party Advisory | |
References | () https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory |
Information
Published : 2021-05-27 15:15
Updated : 2024-11-21 05:49
NVD link : CVE-2021-22118
Mitre link : CVE-2021-22118
CVE.ORG link : CVE-2021-22118
JSON object : View
Products Affected
oracle
- financial_services_analytical_applications_infrastructure
- retail_customer_management_and_segmentation_foundation
- communications_cloud_native_core_security_edge_protection_proxy
- communications_cloud_native_core_unified_data_repository
- healthcare_data_repository
- insurance_policy_administration
- communications_cloud_native_core_binding_support_function
- communications_cloud_native_core_policy
- communications_session_route_manager
- communications_element_manager
- retail_financial_integration
- commerce_guided_search
- retail_order_broker
- communications_diameter_intelligence_hub
- documaker
- communications_network_integrity
- communications_cloud_native_core_service_communication_proxy
- communications_session_report_manager
- utilities_testing_accelerator
- communications_interactive_session_recorder
- communications_brm_-_elastic_charging_engine
- insurance_rules_palette
- retail_assortment_planning
- retail_integration_bus
- mysql_enterprise_monitor
- retail_predictive_application_server
- retail_merchandising_system
- enterprise_data_quality
- communications_unified_inventory_management
netapp
- management_services_for_element_software
- hci
vmware
- spring_framework