Lucene search

[email protected]NVD:CVE-2022-31679

HistorySep 21, 2022 - 6:15 p.m.

CVE-2022-31679

2022-09-2118:15:10

[email protected]

web.nvd.nist.gov

spring data rest

http patch

cve-2022-31679

vulnerability

hidden attributes

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

42.1%

JSON

Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes.

Affected configurations

Nvd

Node

vmwarespring_data_restRange3.6.0–3.6.7

vmwarespring_data_restRange3.7.0–3.7.3

VendorProductVersionCPE
vmwarespring_data_rest*cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vmware	spring_data_rest	*	cpe:2.3:a:vmware:spring_data_rest::::::::

References

tanzu.vmware.com/security/cve-2022-31679

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

42.1%

JSON

Related for NVD:CVE-2022-31679

github1 cvelist1 veracode1 spring2 osv1 prion1 cve1 ibm1