CVE-2021-22118

Published May 27, 2021
Last updated 2 years ago
CVSS high 7.8
Overview

Description: In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
Source: security@vmware.com
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:P
Weaknesses

nvd@nist.gov: CWE-668
security@vmware.com: CWE-269
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F640822D-4742-4F05-B70C-82B83EE95D45",
            "versionEndExcluding": "5.2.15",
            "versionStartIncluding": "5.2.0"
          },
          {
            "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F80D8729-8629-4DFF-8A09-8765E847EF01",
            "versionEndExcluding": "5.3.7",
            "versionStartIncluding": "5.3.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A3622F5-5976-4BBC-A147-FC8A6431EA79"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06594847-96ED-4541-B2F4-C7331B603603"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "868E7C46-7E45-4CFA-8A25-7CBFED912096"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4479F76A-4B67-41CC-98C7-C76B81050F8E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45E5C9B0-AB25-4744-88E4-FD0C4A853001"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AB059F2-FEC4-4180-8A90-39965495055E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A276784-877B-4A29-A8F1-70518A438A9A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5B4A191-44AE-4C35-9164-19237D2CF013",
            "versionEndIncluding": "8.1.0",
            "versionStartIncluding": "8.0.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A543B4F8-149A-48AB-B388-AB7FA2ECAC18",
            "versionEndIncluding": "8.2.3",
            "versionStartIncluding": "8.2.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0331877D-D5DB-4EE8-8220-C1CDC3F90CB0",
            "versionEndIncluding": "8.2.4.0",
            "versionStartIncluding": "8.2.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E812639B-EE28-4C68-9F6F-70C8BF981C86"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B7C949D-0AB3-4566-9096-014C82FC1CF1",
            "versionEndIncluding": "8.2.4.0",
            "versionStartIncluding": "8.0.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E419C70-9516-4C63-997B-60B20E30A30D",
            "versionEndIncluding": "8.2.4.0",
            "versionStartIncluding": "8.0.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EBC7EB1-FD72-4BFC-92CC-7C8B8E462D7C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:documaker:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "135D531C-A692-4BE3-AB8C-37BB0D35559A",
            "versionEndIncluding": "12.6.4",
            "versionStartIncluding": "12.6.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36CF85A9-2C29-46E7-961E-8ADD0B5822CF"
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E80555C7-DA1C-472C-9467-19554DCE4476"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC1C79CD-1833-451C-821D-369B09D672FB",
            "versionEndIncluding": "8.1.1",
            "versionStartIncluding": "8.0.8"
          },
          {
            "criteria": "cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66C673C4-A825-46C0-816B-103E1C058D03"
          },
          {
            "criteria": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E883986-13DA-470F-95C4-BEBD0EDFEB9C",
            "versionEndIncluding": "11.3.1",
            "versionStartIncluding": "11.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3E25293-CB03-44CE-A8ED-04B3A0487A6A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F9721E3-EE25-4C8A-9E0A-E60D465E0A97"
          },
          {
            "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "212AC8FA-90E8-4FDF-BC57-D17CD8F2E35C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7A6C04D-43B3-4B83-A185-7CBD838C97E4"
          },
          {
            "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2B51896-E4DA-4FDA-979F-481FFB3E588A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88627B99-16DC-4878-A63A-A40F6FC1F477",
            "versionEndIncluding": "8.0.25"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BBFE031-4BD1-4501-AC62-DC0AFC2167B7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B92BB355-DB00-438E-84E5-8EC007009576",
            "versionEndIncluding": "19.0",
            "versionStartIncluding": "16.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "798E4FEE-9B2B-436E-A2B3-B8AA1079892A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B042849-7EF5-4A5F-B6CD-712C0B8735BF"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CFCE558-9972-46A2-8539-C16044F1BAA9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "822A3C37-86F2-4E91-BE91-2A859F983941"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B1A4F12-3E64-41CF-B2B3-B6AB734B69E0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24A3C819-5151-4543-A5C6-998C9387C8A2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4FB98961-8C99-4490-A6B8-9A5158784F5A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3ED272C-A545-4F8C-86C0-2736B3F2DCAF"
          },
          {
            "criteria": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5B4C338-11E1-4235-9D5A-960B2711AC39"
          },
          {
            "criteria": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C93F84E-9680-44EF-8656-D27440B51698"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A6E548F-62E9-40CB-85DA-FDAA0F0096C6"
          },
          {
            "criteria": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86B51137-28D9-41F2-AFA2-3CC22B4954D1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
