In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
References
Link | Resource |
---|---|
https://security.netapp.com/advisory/ntap-20220602-0004/ | Third Party Advisory |
https://tanzu.vmware.com/security/cve-2022-22968 | Vendor Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
19 Oct 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220602-0004/ - Third Party Advisory | |
CPE | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:* cpe:2.3:a:netapp:metrocluster_tiebreaker:-:*:*:*:*:clustered_data_ontap:*:* cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:* cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:* |
|
First Time |
Netapp snap Creator Framework
Netapp active Iq Unified Manager Netapp Oracle Netapp metrocluster Tiebreaker Oracle mysql Enterprise Monitor Netapp cloud Secure Agent Netapp snapmanager |
25 Jul 2022, 18:20
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Jun 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 May 2022, 18:49
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
22 Apr 2022, 20:16
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://tanzu.vmware.com/security/cve-2022-22968 - Vendor Advisory | |
CPE | cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:* | |
First Time |
Vmware
Vmware spring Framework |
|
CWE | CWE-178 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
14 Apr 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-14 21:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-22968
Mitre link : CVE-2022-22968
CVE.ORG link : CVE-2022-22968
JSON object : View
Products Affected
netapp
- metrocluster_tiebreaker
- cloud_secure_agent
- active_iq_unified_manager
- snap_creator_framework
- snapmanager
vmware
- spring_framework
oracle
- mysql_enterprise_monitor
CWE
CWE-178
Improper Handling of Case Sensitivity