CVE-2022-22971: Allocation of Resources Without Limits or Throttling in VMware Spring Framework

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.3% (top 43.35%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 12; Latest update Jul 15

Description

In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, an application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (3 packages)

NVD: vmware/spring_framework, 5.2.0 through 5.2.21 (+1)
CVEListV5: vmware/spring_framework, Spring Framework versions 5.3.x prior to 5.3.20, 5.2.x prior to 5.2.22 and all old and unsupported versions

Patches

Vulnerability Details (4)

GHSA: Allocation of Resources Without Limits or Throttling in Spring Framework (2022-05-13)
OSV: Allocation of Resources Without Limits or Throttling in Spring Framework (2022-05-13)
CVEList: CVE-2022-22971: In spring framework versions prior to 5 (2022-05-12)
OSV: CVE-2022-22971: In spring framework versions prior to 5 (2022-05-12)

Vendor Advisories (7)

Oracle: Oracle Enterprise Manager Risk Matrix: Infrastructure Management (Spring Framework) — CVE-2022-22971 (2023-07-15)
Oracle: Oracle Financial Services Applications Risk Matrix: Base (Spring Framework) — CVE-2022-22971 (2023-04-15)
Oracle: Oracle Communications Applications Risk Matrix: Security (Spring Framework) — CVE-2022-22971 (2023-01-15)
Oracle: Oracle Commerce Risk Matrix: Endeca Integration (Spring Framework) — CVE-2022-22971 (2022-10-15)
Oracle: Oracle Financial Services Applications Risk Matrix: Studio (Spring Framework) — CVE-2022-22971 (2022-07-15)