Description: In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
CVE-2021-22118
CVSS Score: 7.8 (HIGH)
EPSS Score: 0.05%
Risk Score: 5.46 (HIGH)
Risk Score based on CVSS score and EPSS. This score is for reference purposes and is not internationally recognized.
Mitre ATT&CK Technical v15.1
T1053.002 – At
Technical Analysis & Mitigation Measures
Reference Links
https://tanzu.vmware.com/security/cve-2021-22118
https://security.netapp.com/advisory/ntap-20210713-0005/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
Vendor - Produce - Version
Disclaimer
The content on this website is automatically sourced from external websites such as the National Vulnerability Database (NVD), GitHub, and other security-related sources. This content is for reference purposes only, and we are not responsible for the accuracy or integrity of the information linked or displayed from these sources.