CVE-2022-22970

In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to a DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
Configurations

Configuration 1

OR cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*

Configuration 3

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

History

07 Oct 2022, 13:17

Type | Values Removed | Values Added
CPE | | cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*
CPE | | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
CPE | | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
CPE | | cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*
CPE | | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
CPE | | cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
CPE | | cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*
CPE | | cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220616-0006/ - | (CONFIRM) https://security.netapp.com/advisory/ntap-20220616-0006/ - Third Party Advisory
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory
First Time | | Netapp brocade San Navigator
First Time | | Netapp oncommand Insight
First Time | | Netapp active Iq Unified Manager
First Time | | Netapp
First Time | | Oracle
First Time | | Netapp cloud Secure Agent
First Time | | Oracle financial Services Crime And Compliance Management Studio

25 Jul 2022, 18:20

Type | Values Removed | Values Added
References | | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html -

16 Jun 2022, 15:15

Type | Values Removed | Values Added
References | | (CONFIRM) https://security.netapp.com/advisory/ntap-20220616-0006/ -

02 Jun 2022, 17:01

Type | Values Removed | Values Added
CVSS | v2 : 4.0, v3 : 6.5 | v2 : 3.5, v3 : 5.3

01 Jun 2022, 18:03

Type | Values Removed | Values Added
CVSS | v2 : 5.0, v3 : 7.5 | v2 : 4.0, v3 : 6.5

23 May 2022, 19:15

Type | Values Removed | Values Added
References | (MISC) https://tanzu.vmware.com/security/cve-2022-22970 - | (MISC) https://tanzu.vmware.com/security/cve-2022-22970 - Mitigation, Vendor Advisory
CVSS | v2 : unknown, v3 : unknown | v2 : 5.0, v3 : 7.5
CWE | | CWE-770
CPE | | cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
First Time | | Vmware
First Time | | Vmware spring Framework

12 May 2022, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-05-12 20:15

Updated : 2023-12-10 14:22


NVD link : CVE-2022-22970

Mitre link : CVE-2022-22970

CVE.ORG link : CVE-2022-22970



Products Affected

netapp

  • brocade_san_navigator
  • oncommand_insight
  • active_iq_unified_manager
  • cloud_secure_agent

oracle

  • financial_services_crime_and_compliance_management_studio

vmware

  • spring_framework
CWE
CWE-770

Allocation of Resources Without Limits or Throttling