CVE-2021-22118
published 2021-05-27
high 7.8 CVSS 3.1
AV:L AC:L PR:L UI:N S:U C:H I:H A:H
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
Affected
49 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libspring-java | — | — |
| oracle | commerce_guided_search | — | — |
| oracle | communications_brm_elastic_charging_engine | — | — |
| oracle | communications_cloud_native_core_binding_support_function | — | — |
| oracle | communications_cloud_native_core_policy | — | — |
| oracle | communications_cloud_native_core_security_edge_protection_proxy | — | — |
| oracle | communications_cloud_native_core_service_communication_proxy | — | — |
| oracle | communications_cloud_native_core_unified_data_repository | — | — |
| oracle | communications_diameter_intelligence_hub | 8.0.0 – 8.1.0 | — |
| oracle | communications_diameter_intelligence_hub | 8.2.0 – 8.2.3 | — |
| oracle | communications_element_manager | 8.2.0 – 8.2.4.0 | — |
| oracle | communications_interactive_session_recorder | — | — |
| oracle | communications_network_integrity | — | — |
| oracle | communications_session_report_manager | 8.0.0 – 8.2.4.0 | — |
| oracle | communications_session_route_manager | 8.0.0 – 8.2.4.0 | — |
| oracle | communications_unified_inventory_management | — | — |
| oracle | communications_unified_inventory_management | — | — |
| oracle | communications_unified_inventory_management | — | — |
| oracle | documaker | 12.6.0 – 12.6.4 | — |
| oracle | enterprise_data_quality | — | — |
| oracle | enterprise_data_quality | — | — |
| oracle | financial_services_analytical_applications_infrastructure | 8.0.8 – 8.1.1 | — |
| oracle | healthcare_data_repository | — | — |
| oracle | insurance_policy_administration | 11.0 – 11.3.1 | — |
| oracle | insurance_rules_palette | — | — |
CVSS provenance
nvd v3.1 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv 7.8 HIGH