CVE-2022-22950 - Vulnerability Details - OpenCVE

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Jboss Enterprise Bpms Platform Jboss Fuse Openshift Application Runtimes Rhev Manager
Vmware	Spring Framework

Configuration 1 [-]

OR	cpe:2.3:a:vmware:spring_framework::::::::
	cpe:2.3:a:vmware:spring_framework::::::::

Package	CPE	Advisory	Released Date
Red Hat Fuse 7.11
spring-expression	cpe:/a:redhat:jboss_fuse:7	RHSA-2022:5532	2022-07-07T00:00:00Z
Red Hat Virtualization Engine 4.4
ovirt-dependencies-0:4.5.2-1.el8ev	cpe:/a:redhat:rhev_manager:4.4:el8	RHSA-2022:5555	2022-07-14T00:00:00Z
RHPAM 7.13.0 async
spring-expression	cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13	RHSA-2022:5903	2022-08-04T00:00:00Z
Text-Only RHOAR
spring-expression	cpe:/a:redhat:openshift_application_runtimes:1.0	RHSA-2022:8761	2022-12-14T00:00:00Z

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2022-22950
https://tanzu.vmware.com/security/cve-2022-22950
https://www.cve.org/CVERecord?id=CVE-2022-22950

History

No history.

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2022-04-01T22:17:32

Updated: 2024-08-03T03:28:42.433Z

Reserved: 2022-01-10T00:00:00

Link: CVE-2022-22950

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-04-01T23:15:13.450

Modified: 2024-11-21T06:47:40.157

Link: CVE-2022-22950

Redhat

Severity : Moderate

Publid Date: 2022-03-28T00:00:00Z

Links: CVE-2022-22950 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "Spring Framework", "vendor": "n/a", "versions": [{"status": "affected", "version": "Spring Framework versions 5.3.X prior to 5.3.17+ and all old and unsupported versions"}]}], "descriptions": [{"lang": "en", "value": "n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-01T22:17:32", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://tanzu.vmware.com/security/cve-2022-22950"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@vmware.com", "ID": "CVE-2022-22950", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Spring Framework", "version": {"version_data": [{"version_value": "Spring Framework versions 5.3.X prior to 5.3.17+ and all old and unsupported versions"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-770: Allocation of Resources Without Limits or Throttling"}]}]}, "references": {"reference_data": [{"name": "https://tanzu.vmware.com/security/cve-2022-22950", "refsource": "MISC", "url": "https://tanzu.vmware.com/security/cve-2022-22950"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:28:42.433Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://tanzu.vmware.com/security/cve-2022-22950"}]}]}, "cveMetadata": {"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2022-22950", "datePublished": "2022-04-01T22:17:32", "dateReserved": "2022-01-10T00:00:00", "dateUpdated": "2024-08-03T03:28:42.433Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "7417ECB4-3391-4273-9DAF-C9C82220CEA8", "versionEndExcluding": "5.2.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "FBE4B8EA-DF28-42C9-A3DD-209AEE59DEEB", "versionEndExcluding": "5.3.17", "versionStartIncluding": "5.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition."}, {"lang": "es", "value": "En Spring Framework versiones 5.3.0 - 5.3.16 y en las versiones anteriores no soportadas, es posible que un usuario proporcione una expresi\u00f3n SpEL especialmente dise\u00f1ada que puede causar una condici\u00f3n de denegaci\u00f3n de servicio"}], "id": "CVE-2022-22950", "lastModified": "2024-11-21T06:47:40.157", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-01T23:15:13.450", "references": [{"source": "security@vmware.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://tanzu.vmware.com/security/cve-2022-22950"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://tanzu.vmware.com/security/cve-2022-22950"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "security@vmware.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:5532", "cpe": "cpe:/a:redhat:jboss_fuse:7", "package": "spring-expression", "product_name": "Red Hat Fuse 7.11", "release_date": "2022-07-07T00:00:00Z"}, {"advisory": "RHSA-2022:5555", "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8", "package": "ovirt-dependencies-0:4.5.2-1.el8ev", "product_name": "Red Hat Virtualization Engine 4.4", "release_date": "2022-07-14T00:00:00Z"}, {"advisory": "RHSA-2022:5903", "cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13", "package": "spring-expression", "product_name": "RHPAM 7.13.0 async", "release_date": "2022-08-04T00:00:00Z"}, {"advisory": "RHSA-2022:8761", "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "package": "spring-expression", "product_name": "Text-Only RHOAR", "release_date": "2022-12-14T00:00:00Z"}], "bugzilla": {"description": "spring-expression: Denial of service via specially crafted SpEL expression", "id": "2069414", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069414"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-770", "details": ["n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.", "A flaw was found in the Spring Framework. This flaw allows an attacker to craft a special Spring Expression, causing a denial of service."], "name": "CVE-2022-22950", "package_state": [{"cpe": "cpe:/a:redhat:a_mq_clients:2", "fix_state": "Not affected", "package_name": "spring-expression", "product_name": "A-MQ Clients 2"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Will not fix", "package_name": "spring-expression", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:amq_broker:7", "fix_state": "Not affected", "package_name": "spring-expression", "product_name": "Red Hat AMQ Broker 7"}, {"cpe": "cpe:/a:redhat:quarkus:2", "fix_state": "Not affected", "package_name": "spring-expression", "product_name": "Red Hat build of Quarkus"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Will not fix", "package_name": "spring-expression", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Will not fix", "package_name": "spring-expression", "product_name": "Red Hat Integration Camel K 1"}, {"cpe": "cpe:/a:redhat:camel_quarkus:2", "fix_state": "Will not fix", "package_name": "spring-expression", "product_name": "Red Hat Integration Camel Quarkus 1"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Out of support scope", "package_name": "spring-expression", "product_name": "Red Hat Integration Data Virtualisation Operator"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Out of support scope", "package_name": "spring-expression", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_data_virtualization:6", "fix_state": "Out of support scope", "package_name": "spring-expression", "product_name": "Red Hat JBoss Data Virtualization 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "spring-expression", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "spring-expression", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "spring-expression", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "spring-expression", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Out of support scope", "package_name": "spring-expression", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Not affected", "package_name": "spring-expression", "product_name": "Red Hat OpenShift Application Runtimes"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Not affected", "package_name": "spring-expression", "product_name": "Red Hat Single Sign-On 7"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Affected", "package_name": "spring-expression", "product_name": "Red Hat support for Spring Boot"}, {"cpe": "cpe:/a:redhat:amq_streams:1", "fix_state": "Not affected", "package_name": "spring-expression", "product_name": "streams for Apache Kafka"}], "public_date": "2022-03-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-22950\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22950"], "threat_severity": "Moderate"}