n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

CPENameOperatorVersion
spring_frameworklt5.2.20
spring_frameworkge5.3.0
spring_frameworklt5.3.17

Name	Operator	Version
spring_framework	lt	5.2.20
spring_framework	ge	5.3.0
spring_framework	lt	5.3.17

References

tanzu.vmware.com/security/cve-2022-22950

spring 1

ibm 24

veracode 1

cvelist 1

debiancve 1

cve 1

nessus 4

openvas 2

broadcom 1

nvd 1

osv 2

github 1

redhatcve 1

ubuntucve 1

ics 1

thn 1

f5 1

cert 1

rapid7blog 1

redhat 4

checkpoint_security 1

oracle 4

spring

CVE report published for Spring Framework

2022-03-28 08:00:00

ibm

Security Bulletin: A VMWare Tanzu Spring Vulerability Affects IBM OpenPages with Watson (CVE-2022-22950)

2023-07-28 16:47:11

Security Bulletin: IBM Planning Analytics Workspace is affected by multiple vulnerabilities (CVE-2022-22950, XFID:217968)

2022-05-13 17:08:13

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service, caused by improper input validation with Spring Framework (CVE-2022-22950).

2023-01-12 21:59:00

veracode

Denial Of Service (DoS)

2022-04-07 12:06:55

cvelist

CVE-2022-22950

2022-04-01 22:17:32

debiancve

CVE-2022-22950

2022-04-01 23:15:13

cve

CVE-2022-22950

2022-04-01 23:15:13

nessus

Spring Framework < 5.2.20 / 5.3.x < 5.3.17 DoS (CVE-2022-22950)

2022-06-08 00:00:00

Dell EMC NetWorker < 19.8 DoS (DSA-2022-350)

2022-12-13 00:00:00

RHEL 8 : RHV Manager (ovirt-engine) [ovirt-4.5.1] (RHSA-2022:5555)

2022-07-15 00:00:00

openvas

VMware Spring Framework < 5.2.20, 5.3.x < 5.3.17 DoS Vulnerability - Linux

2022-04-06 00:00:00

VMware Spring Framework < 5.2.20, 5.3.x < 5.3.17 DoS Vulnerability - Windows

2022-04-06 00:00:00

broadcom

Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL

2023-08-29 00:00:00

nvd

CVE-2022-22950

2022-04-01 23:15:13

osv

CVE-2022-22950

2022-04-01 23:15:13

Allocation of Resources Without Limits or Throttling in Spring Framework

2022-04-03 00:01:00

github

Allocation of Resources Without Limits or Throttling in Spring Framework

2022-04-03 00:01:00

redhatcve

CVE-2022-22950

2022-03-28 21:07:31

ubuntucve

CVE-2022-22950

2022-04-01 00:00:00

ics

Hitachi Energy Lumada Asset Performance Management Prognostic Model Executor Service

2022-10-13 12:00:00

thn

Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security

2022-03-31 05:52:00

K11510688 : Spring Framework (Spring4Shell) and Spring Cloud vulnerabilities CVE-2022-22965, CVE-2022-22950, and CVE-2022-22963

2022-03-31 00:00:00

cert

Spring Framework insecurely handles PropertyDescriptor objects with data binding

2022-03-31 00:00:00

rapid7blog

Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965)

2022-03-30 22:33:54

redhat

(RHSA-2022:8761) Moderate: Red Hat support for Spring Boot 2.7.2 update

2022-12-14 13:14:18

(RHSA-2022:5555) Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.1] security, bug fix and update

2022-07-14 12:11:20

(RHSA-2022:5903) Moderate: Red Hat Process Automation Manager 7.13.0 security update

2022-08-04 04:17:59

checkpoint_security

Check Point Response to Spring Vulnerabilities CVE-2022-22963, CVE-2022-22946, CVE-2022-22947, CVE-2022-22965 (Spring4Shell) and CVE-2022-22950

2022-03-30 21:41:02

oracle

Oracle Critical Patch Update Advisory - January 2024

2024-01-16 00:00:00

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.1%

JSON

Related for PRION:CVE-2022-22950