CVE-2021-22060 in VMware and Oracle Products
Published on January 10, 2022

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.

NVD

Products Associated with CVE-2021-22060

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-22060 are published in these products:

VMware Spring Framework

Oracle Communications Cloud Native Core Console

Oracle Communications Cloud Native Core Service Communication Proxy

Exploit Probability

EPSS

0.19%

Percentile

41.08%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-22060 in VMware and Oracle ProductsPublished on January 10, 2022

Products Associated with CVE-2021-22060

Exploit Probability

CVE-2021-22060 in VMware and Oracle Products
Published on January 10, 2022