CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
28.8%
VMware Spring Boot is prone to a data binding rules
vulnerability in the used Spring Framework.
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:vmware:spring_boot";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.113904");
script_version("2024-01-23T05:05:19+0000");
script_tag(name:"last_modification", value:"2024-01-23 05:05:19 +0000 (Tue, 23 Jan 2024)");
script_tag(name:"creation_date", value:"2022-04-19 10:56:39 +0000 (Tue, 19 Apr 2022)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-05-10 18:49:00 +0000 (Tue, 10 May 2022)");
script_cve_id("CVE-2022-22968");
script_name("VMware Spring Boot < 2.5.13, 2.6.x < 2.6.7 Data Binding Rules Vulnerability");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_vmware_spring_boot_consolidation.nasl");
script_mandatory_keys("vmware/spring/boot/detected");
script_xref(name:"URL", value:"https://tanzu.vmware.com/security/cve-2022-22968");
script_xref(name:"URL", value:"https://spring.io/blog/2022/04/13/spring-framework-data-binding-rules-vulnerability-cve-2022-22968");
script_tag(name:"summary", value:"VMware Spring Boot is prone to a data binding rules
vulnerability in the used Spring Framework.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"In Spring Framework the patterns for disallowedFields on a
DataBinder are case sensitive which means a field is not effectively protected unless it is listed
with both upper and lower case for the first character of the field, including upper and lower
case for the first character of all nested fields within the property path.");
script_tag(name:"affected", value:"VMware Spring Boot versions prior to 2.5.13 and 2.6.x prior to
2.6.7.
The following are the requirements for an environment to be affected to this specific
vulnerability:
- Registration of 'disallowed field patterns' in a 'DataBinder'
- spring-webmvc or spring-webflux dependency
- an affected version of Spring Boot");
script_tag(name:"solution", value:"Update to Spring Boot version 2.5.13, 2.6.7 or later.");
# nb: See affected tag for specific constraints / requirements for being vulnerable.
script_tag(name:"qod_type", value:"executable_version_unreliable");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if( isnull( port = get_app_port( cpe:CPE ) ) )
exit( 0 );
if( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )
exit( 0 );
version = infos["version"];
location = infos["location"];
if( version_is_less( version:version, test_version:"2.5.13" ) ) {
report = report_fixed_ver( installed_version:version, fixed_version:"2.5.13/2.6.7", install_path:location );
security_message( port:port, data:report );
exit( 0 );
}
if( version_in_range_exclusive( version:version, test_version_lo:"2.6.0", test_version_up:"2.6.7" ) ) {
report = report_fixed_ver( installed_version:version, fixed_version:"2.6.7", install_path:location );
security_message( port:port, data:report );
exit( 0 );
}
exit( 99 );
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
28.8%