Jun 06, 2023 - 5:01 a.m.

Security Bulletin: [All] Spring Framework - CVE-2021-22096 (Publicly disclosed vulnerability)

www.ibm.com

CVSS2: 4
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3: 4.3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS: 0.001
Percentile: 34.2%

Summary

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This affects ITNCM version 6.4.2.

Vulnerability Details

**CVEID:** CVE-2021-22096
**DESCRIPTION:** VMware Spring Framework could allow a remote attacker to bypass security restrictions. By sending a specially-crafted input, an attacker could exploit this vulnerability to cause the insertion of additional log entries.
CVSS Base score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/212430 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s) | Version(s)
ITNCM | 6.4.2

Remediation/Fixes

This issue has been fixed in ITNCM Fix Pack 18, which is available at the following location in Fix Central.

AIX, Linux, Linux zSeries : 6.4.2-TIV-ITNCM-FP018

Workarounds and Mitigations

None

Affected configurations

Vendor | Product | Version | CPE
ibm | tivoli_netcool_security_manager | 6.4.2 | cpe:2.3:a:ibm:tivoli_netcool_security_manager:6.4.2:*:*:*:*:*:*:*
