Lucene search
JpcertCVELIST:CVE-2022-43484HistoryDec 05, 2022 - 12:00 a.m.
CVE-2022-43484
2022-12-0500:00:00
jpcert
www.cve.org
2
terasoluna
global framework
server framework
classloader manipulation
spring framework
input validation
arbitrary code execution
0.001 Low
EPSS
Percentile
26.9%
TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using the old version of Spring Framework which contains the vulnerability.The vulnerability is caused by an improper input validation issue in the binding mechanism of Spring MVC. By the application processing a specially crafted file, arbitrary code may be executed with the privileges of the application.
CNA Affected
[
{
"vendor": "NTT DATA Corporation",
"product": "TERASOLUNA Global Framework and TERASOLUNA Server Framework for Java (Rich)",
"versions": [
{
"version": "TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1",
"status": "affected"
}
]
}
]Related
osv
osv
TERASOLUNA Server Framework vulnerable to ClassLoader manipulation
2022-12-05 06:30:21
prion
prion
Input validation
2022-12-05 04:15:00
nvd
nvd
CVE-2022-43484
2022-12-05 04:15:10
cve
cve
CVE-2022-43484
2022-12-05 04:15:10
jvn
jvn
github
github
TERASOLUNA Server Framework vulnerable to ClassLoader manipulation
2022-12-05 06:30:21