pivotalsoftware spring-framework CVE-2021-22118 vulnerability in Pivotal Software and Other Products
Published on May 27, 2021

product logo product logo product logo product logo
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

NVD

Weakness Type

Improper Privilege Management

The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.


Products Associated with CVE-2021-22118

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-22118 are published in these products:

Pivotal Software Spring Framework
 
VMware Spring Framework
 
Oracle Communications Brm Elastic Charging Engine
 
Oracle Communications Element Manager
 
Oracle Communications Interactive Session Recorder
 
Oracle Communications Session Report Manager
 
Oracle Communications Session Route Manager
 
Oracle Documaker
 
Oracle Enterprise Data Quality
 
Oracle Healthcare Data Repository
 
Oracle Insurance Policy Administration
 
Oracle Mysql Enterprise Monitor
 
Oracle Retail Assortment Planning
 
Oracle Retail Financial Integration
 
Oracle Retail Integration Bus
 
Oracle Retail Merchandising System
 
Oracle Retail Order Broker
 
Oracle Retail Predictive Application Server
 
NetApp Hci
 
NetApp Management Services Element Software
 
Oracle Communications Cloud Native Core Binding Support Function
 
Oracle Communications Cloud Native Core Policy
 
Oracle Communications Cloud Native Core Security Edge Protection Proxy
 
Oracle Communications Cloud Native Core Service Communication Proxy
 
Oracle Communications Cloud Native Core Unified Data Repository
 
Oracle Communications Unified Inventory Management
 
Oracle Financial Services Analytical Applications Infrastructure
 
Oracle Insurance Rules Palette
 
Oracle Retail Customer Management Segmentation Foundation
 
Oracle Utilities Testing Accelerator
 
Oracle Communications Network Integrity
 
Oracle Commerce Guided Search
 
Oracle Communications Diameter Intelligence Hub
 

Exploit Probability

EPSS
0.25%
Percentile
48.31%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.