CVE-2024-37084

In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://spring.io/security/cve-2024-37084	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:vmware:spring_cloud_data_flow:*:*:*:*:*:*:*:*

History

26 Aug 2024, 16:11

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
References	~~() https://spring.io/security/cve-2024-37084 -~~	() https://spring.io/security/cve-2024-37084 - Vendor Advisory
CPE		cpe:2.3:a:vmware:spring_cloud_data_flow::::::::
First Time		Vmware Vmware spring Cloud Data Flow
CVSS	v2 : ~~unknown~~ v3 : ~~9.8~~	v2 : unknown v3 : 8.8

01 Aug 2024, 13:53

Type	Values Removed	Values Added
Summary		(es) En las versiones de Spring Cloud Data Flow anteriores a la 2.11.4, un usuario malintencionado que tiene acceso a la API del servidor Skipper puede utilizar una solicitud de carga manipulada para escribir un archivo arbitrario en cualquier ubicación del sistema de archivos, lo que podría comprometer el servidor.
CWE		CWE-94

25 Jul 2024, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-25 10:15

Updated : 2024-08-26 16:11

NVD link : CVE-2024-37084

Mitre link : CVE-2024-37084

CVE.ORG link : CVE-2024-37084

JSON object : View

Products Affected

vmware

spring_cloud_data_flow

CWE

NVD-CWE-noinfo CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2024-37084", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security@vmware.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-07-25T10:15:07.260", "references": [{"url": "https://spring.io/security/cve-2024-37084", "tags": ["Vendor Advisory"], "source": "security@vmware.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "In Spring Cloud Data Flow versions prior to 2.11.4,\u00a0\u00a0a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server"}, {"lang": "es", "value": "En las versiones de Spring Cloud Data Flow anteriores a la 2.11.4, un usuario malintencionado que tiene acceso a la API del servidor Skipper puede utilizar una solicitud de carga manipulada para escribir un archivo arbitrario en cualquier ubicaci\u00f3n del sistema de archivos, lo que podr\u00eda comprometer el servidor."}], "lastModified": "2024-08-26T16:11:27.507", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:spring_cloud_data_flow:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5051E95-868D-421F-9985-2A810BC01D38", "versionEndExcluding": "2.11.4", "versionStartIncluding": "2.11.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@vmware.com"}