Latest CVE Feed
-
7.5
HIGHCVE-2021-22119
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux... Read more
- Published: Jun. 29, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-22118
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modif... Read more
Affected Products : commerce_guided_search retail_customer_management_and_segmentation_foundation retail_predictive_application_server communications_diameter_intelligence_hub mysql_enterprise_monitor communications_cloud_native_core_unified_data_repository communications_cloud_native_core_policy retail_merchandising_system communications_interactive_session_recorder communications_unified_inventory_management +22 more products- Published: May. 27, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22116
RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target R... Read more
- Published: Jun. 08, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-22115
Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed. CAPI database logs service broker password in plain text whenever a job to clean up orphaned items is run by Cloud C... Read more
- Published: Apr. 08, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-22114
Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, ... Read more
Affected Products : spring_integration_zip- Published: Mar. 01, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-22113
Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use... Read more
Affected Products : spring_cloud_netflix_zuul- Published: Feb. 23, 2021
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2021-22112
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug... Read more
- Published: Feb. 23, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22101
Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of Service(DoS) vulnerability allowing unauthenticated attackers to cause denial of service by using REST HTTP requests with label_selectors on multiple V3 endpoints by ge... Read more
- Published: Oct. 27, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-22100
In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that (accidentally or maliciously) causes CC instances to timeout and fail is possible. An attacker can leverage this vulnerability to... Read more
- Published: Mar. 25, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-22098
UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability. A malicious user can exploit the open redirect vulnerability by social engineering leading to take over of victims’ accounts in certain cases along with redirection of U... Read more
- Published: Aug. 11, 2021
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2021-22097
In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java... Read more
Affected Products : spring_advanced_message_queuing_protocol- Published: Oct. 28, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-22096
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.... Read more
- Published: Oct. 28, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-22095
In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message... Read more
Affected Products : spring_advanced_message_queuing_protocol- Published: Nov. 30, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-22060
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against... Read more
- Published: Jan. 10, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-22057
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Ver... Read more
- Published: Dec. 20, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22056
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.... Read more
- Published: Dec. 20, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-22055
The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries.... Read more
Affected Products : photon_os- Published: Apr. 11, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22054
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send thei... Read more
Affected Products : workspace_one_uem_console- Published: Dec. 17, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-22053
Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[u... Read more
Affected Products : spring_cloud_netflix- Published: Nov. 19, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-22051
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x ... Read more
Affected Products : spring_cloud_gateway- Published: Nov. 08, 2021
- Modified: Nov. 21, 2024