4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.006 Low
EPSS
Percentile
79.1%
h3. Issue Summary
spring-beans is vulnerable to CVE-2022-22970
This is reproducible on Data Center: (yes)
h3. Steps to Reproduce
h3. Expected Results
Expect that synchrony-proxy/WEB-INF/lib contains spring-beans-5.3.20.jar or higher
h3. Actual Results
spring-beans-5.3.19.jar is present
h3. Workaround
Currently there is no known workaround for this behavior. A workaround will be added here when available
CPE | Name | Operator | Version |
---|---|---|---|
confluence data center | le | 7.13.9 | |
confluence data center | lt | 7.13.12 | |
confluence data center | lt | 7.19.3 | |
confluence data center | lt | 8.0.0 |
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.006 Low
EPSS
Percentile
79.1%