Vulnerability Description
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| VMware | Spring Framework | >= 5.2.0, <= 5.2.17 |
| NetApp | Active IQ Unified Manager | - |
| NetApp | Management Services for Element Software and NetApp HCI | - |
| NetApp | MetroCluster Tiebreaker | - |
| NetApp | Snap Creator Framework | - |
| NetApp | SnapCenter | - |
| Oracle | Communications Cloud Native Core Console | 1.9.0 |
| Oracle | Communications Cloud Native Core Service Communication Proxy | 1.15.0 |
Related Weaknesses (CWE)
References
- https://security.netapp.com/advisory/ntap-20211125-0005/ (Third Party Advisory)
- https://tanzu.vmware.com/security/cve-2021-22096 (Vendor Advisory)
- https://www.oracle.com/security-alerts/cpuapr2022.html (Third Party Advisory)
FAQ
What is CVE-2021-22096?
CVE-2021-22096 is a vulnerability with a CVSS score of 4.3 (MEDIUM). In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
How severe is CVE-2021-22096?
CVE-2021-22096 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-22096?
Check the references section above for vendor advisories and patch information. Affected products include: VMware Spring Framework, NetApp Active IQ Unified Manager, NetApp Management Services for Element Software and NetApp HCI, NetApp MetroCluster Tiebreaker, NetApp Snap Creator Framework.