CVE-2022-22968 vulnerability in VMware and Other Products
Published on April 14, 2022

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.

NVD

Products Associated with CVE-2022-22968

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-22968 are published in these products:

VMware Spring Framework

NetApp Snap Creator Framework

NetApp Snapmanager

NetApp Active Iq Unified Manager

NetApp Metrocluster Tiebreaker

NetApp Cloud Secure Agent

Oracle Mysql Enterprise Monitor

Oracle

Exploit Probability

EPSS

20.51%

Percentile

95.49%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2022-22968 vulnerability in VMware and Other ProductsPublished on April 14, 2022

Products Associated with CVE-2022-22968

Exploit Probability

CVE-2022-22968 vulnerability in VMware and Other Products
Published on April 14, 2022