In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
References
Link | Resource |
---|---|
https://security.netapp.com/advisory/ntap-20210713-0005/ | Third Party Advisory |
https://tanzu.vmware.com/security/cve-2021-22118 | Third Party Advisory |
https://www.oracle.com//security-alerts/cpujul2021.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpuapr2022.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpujan2022.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpuoct2021.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
No history.
Information
Published : 2021-05-27 15:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-22118
Mitre link : CVE-2021-22118
CVE.ORG link : CVE-2021-22118
JSON object : View
Products Affected
oracle
- communications_diameter_intelligence_hub
- retail_order_broker
- communications_session_report_manager
- communications_cloud_native_core_binding_support_function
- utilities_testing_accelerator
- retail_predictive_application_server
- communications_cloud_native_core_unified_data_repository
- communications_network_integrity
- retail_merchandising_system
- commerce_guided_search
- communications_cloud_native_core_policy
- enterprise_data_quality
- communications_cloud_native_core_service_communication_proxy
- communications_brm_-_elastic_charging_engine
- insurance_rules_palette
- retail_financial_integration
- financial_services_analytical_applications_infrastructure
- communications_element_manager
- communications_interactive_session_recorder
- documaker
- communications_cloud_native_core_security_edge_protection_proxy
- communications_session_route_manager
- insurance_policy_administration
- healthcare_data_repository
- mysql_enterprise_monitor
- retail_assortment_planning
- communications_unified_inventory_management
- retail_customer_management_and_segmentation_foundation
- retail_integration_bus
netapp
- management_services_for_element_software
- hci
vmware
- spring_framework