Vmware Spring Framework Luki w zabezpieczeniach

Oś czasu

Wersja

5.3.0	10
5.3.1	10
5.3.2	10
5.3.3	10
5.3.4	10

Przeciwdziałanie

Official Fix	10
Temporary Fix	0
Workaround	0
Unavailable	0
Not Defined	3

Wykorzystywanie

High	0
Functional	0
Proof-of-Concept	0
Unproven	0
Not Defined	13

Wektor dostępu

Not Defined	0
Physical	0
Local	0
Adjacent	3
Network	10

Uwierzytelnianie

Not Defined	0
High	0
Low	4
None	9

Interakcja z użytkownikiem

Not Defined	0
Required	5
None	8

CVSSv3 Base

≤1	0
≤2	0
≤3	0
≤4	1
≤5	5
≤6	1
≤7	1
≤8	5
≤9	0
≤10	0

CVSSv3 Temp

≤1	0
≤2	0
≤3	0
≤4	1
≤5	5
≤6	1
≤7	3
≤8	3
≤9	0
≤10	0

VulDB

≤1	0
≤2	0
≤3	0
≤4	3
≤5	4
≤6	1
≤7	2
≤8	3
≤9	0
≤10	0

NVD

≤1	0
≤2	0
≤3	0
≤4	0
≤5	1
≤6	1
≤7	1
≤8	2
≤9	0
≤10	0

CNA

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	1
≤7	0
≤8	1
≤9	3
≤10	0

Sprzedawca

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Research

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Exploit 0-day

<1k	0
<2k	0
<5k	0
<10k	4
<25k	9
<50k	0
<100k	0
≥100k	0

Wykorzystaj dzisiaj

<1k	4
<2k	3
<5k	6
<10k	0
<25k	0
<50k	0
<100k	0
≥100k	0

Affected Versions (79): 3.2, 3.2.1, 5.2, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9, 5.2.11, 5.2.12, 5.2.13, 5.2.14, 5.2.15, 5.2.16, 5.2.17, 5.2.18, 5.2.19, 5.2.21, 5.2.22, 5.2.23, 5.3, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.3.7, 5.3.8, 5.3.9, 5.3.11, 5.3.12, 5.3.13, 5.3.14, 5.3.15, 5.3.16, 5.3.17, 5.3.18, 5.3.19, 5.3.21, 5.3.22, 5.3.23, 5.3.24, 5.3.25, 5.3.26, 5.3.27, 5.3.28, 5.3.29, 5.3.31, 5.3.32, 5.3.33, 6, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.17, 6.0.18, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5

Link to Product Website: https://www.vmware.com/

Opublikowano	Base	Temp	Słaby punkt	0day	Dzisiaj	Wyk	Prz	CTI	CVE
2024-04-16	6.2	6.1	Vmware Spring Framework URL Parser UriComponentsBuilder Redirect	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.06	CVE-2024-22262
2024-03-16	7.2	7.0	VMware Spring Framework UriComponentsBuilder privilege escalation	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.06	CVE-2024-22259
2024-02-23	7.2	7.0	VMware Spring Framework URL Parser UriComponentsBuilder privilege escalation	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.05	CVE-2024-22243
2024-01-22	7.5	7.3	VMware Spring Framework HTTP Request denial of service	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	CVE-2024-22233
2023-11-28	6.0	6.0	VMware Spring Framework HTTP Rrequest denial of service	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.04	CVE-2023-34053
2023-04-14	7.5	7.2	VMware Spring Framework SpEL Expression denial of service	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.04	CVE-2023-20863
2023-03-28	7.4	7.2	VMware Spring Framework mvcRequestMatcher privilege escalation	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.04	CVE-2023-20860
2023-03-24	5.0	5.0	VMware Spring Framework SpEL Expression denial of service	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.02	CVE-2023-20861
2022-12-10	4.4	4.4	VMware Spring Framework Spring MVC JavaScriptUtils.java JavaScriptUtils.javaScriptEscape cross site scripting	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	CVE-2013-6430
2022-04-15	3.7	3.6	VMware Spring Framework Data Binding Rule privilege escalation	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.04	CVE-2022-22968

3 więcej wpisów nie jest pokazywanych

🔒 Login Required

You need to signup and login to see more of the remaining 3 results.

więcej wpisów autorstwa Vmware

◂ PoprzedniPrzeglądKolejny ▸

Might our Artificial Intelligence support you?

Check our Alexa App!