Vulnerability CVE-2022-22968 - CERT Civis.Net

Vulnerability Name:

CVE-2022-22968 (CCN-224374)

Assigned:

2022-04-13

Published:

2022-04-13

Updated:

2022-10-19

Summary:

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.

CVSS v3 Severity:

5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
3.2 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2022-22968

Source: XF
Type: UNKNOWN
spring-cve202222968-weak-security(224374)

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20220602-0004/

Source: CCN
Type: Spring Blog, April 13, 2022
Spring Framework Data Binding Rules Vulnerability (CVE-2022-22968)

Source: CCN
Type: VMware Tanzu Web site
CVE-2022-22968: Spring Framework Data Binding Rules Vulnerability

Source: MISC
Type: Vendor Advisory
https://tanzu.vmware.com/security/cve-2022-22968

Source: CCN
Type: IBM Security Bulletin 6584219 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Spring Framework

Source: CCN
Type: IBM Security Bulletin 6585760 (Tivoli Application Dependency Discovery Manager)
A vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2022-22950, CVE-2021-22096, CVE-2022-22968, CVE-2021-22060).

Source: CCN
Type: IBM Security Bulletin 6590869 (SPSS Collaboration and Deployment Services)
Multiple vulnerabilities in Spring Framework affect SPSS Collaboration and Deployment Services

Source: CCN
Type: IBM Security Bulletin 6591061 (Watson Explorer)
Vulnerability in Spring Framework affects IBM Watson Explorer (CVE-2022-22971, CVE-2022-22968, CVE-2022-22970)

Source: CCN
Type: IBM Security Bulletin 6591145 (Common Licensing)
IBM Common Licensing is vulnerable by a remote code attack in Spring Framework (CVE-2021-22096,CVE-2021-22060,CVE-2022-22950,CVE-2022-22968)

Source: CCN
Type: IBM Security Bulletin 6593861 (Db2 Web Query for i)
Due to use of Spring Framework, IBM Db2 Web Query for i is vulnerable to unprotected fields (CVE-2022-22968), remote code execution (CVE-2022-22965), and denial of service (CVE-2022-22950).

Source: CCN
Type: IBM Security Bulletin 6602625 (i Modernization Engine for Lifecycle Integration)
IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6610084 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Log4j 1.x

Source: CCN
Type: IBM Security Bulletin 6610371 (Watson Speech Services Cartridge for Cloud Pak for Data)
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a data binding rules security weakness in Spring Framework (CVE-2022-22968)

Source: CCN
Type: IBM Security Bulletin 6615289 (Planning Analytics Workspace)
IBM Planning Analytics Workspace is affected by multiple vulnerabilities (CVE-2022-22968, CVE-2022-24785, CVE-2017-18214, CVE-2016-4055, CVE-2018-1000613, CVE-2020-15522, CVE-2018-1000180, CVE-2020-26939, CVE-2022-22314)

Source: CCN
Type: IBM Security Bulletin 6831855 (QRadar SIEM)
IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6838289 (Cloud Pak for Security)
IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Source: CCN
Type: Oracle CPUJul2022
Oracle Critical Patch Update Advisory - July 2022

Source: N/A
Type: Third Party Advisory
N/A

Vulnerable Configuration:

Configuration 1:

cpe:/a:vmware:spring_framework:*:*:*:*:*:*:*:* (Version < 5.2.0)

OR cpe:/a:vmware:spring_framework:*:*:*:*:*:*:*:* (Version >= 5.2.0 and <= 5.2.20)

OR cpe:/a:vmware:spring_framework:*:*:*:*:*:*:*:* (Version >= 5.3.0 and <= 5.3.18)

Configuration 2:

cpe:/a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:snapmanager:-:*:*:*:*:oracle:*:*

OR cpe:/a:netapp:snapmanager:-:*:*:*:*:sap:*:*

OR cpe:/a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

OR cpe:/a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*

OR cpe:/a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*

OR cpe:/a:netapp:metrocluster_tiebreaker:-:*:*:*:*:clustered_data_ontap:*:*

OR cpe:/a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* (Version <= 8.0.29)

Configuration CCN 1:

cpe:/a:pivotal_software:spring_framework:5.2.2:*:*:*:*:*:*:*

OR cpe:/a:pivotal_software:spring_framework:5.3.0:*:*:*:*:*:*:*

OR cpe:/a:pivotal_software:spring_framework:5.3.1:*:*:*:*:*:*:*

OR cpe:/a:pivotal_software:spring_framework:5.3.2:*:*:*:*:*:*:*

OR cpe:/a:pivotal_software:spring_framework:5.3.3:*:*:*:*:*:*:*

OR cpe:/a:pivotal_software:spring_framework:5.3.4:*:*:*:*:*:*:*

OR cpe:/a:pivotal_software:spring_framework:5.3.5:*:*:*:*:*:*:*

OR cpe:/a:pivotal_software:spring_framework:5.3.6:*:*:*:*:*:*:*

OR cpe:/a:pivotal_software:spring_framework:5.3.7:*:*:*:*:*:*:*

OR cpe:/a:pivotal_software:spring_framework:5.3.8:*:*:*:*:*:*:*

OR cpe:/a:pivotal_software:spring_framework:5.3.9:*:*:*:*:*:*:*

OR cpe:/a:pivotal_software:spring_framework:5.3.10:*:*:*:*:*:*:*

OR cpe:/a:pivotal_software:spring_framework:5.3.11:*:*:*:*:*:*:*

OR cpe:/a:pivotal_software:spring_framework:5.3.12:*:*:*:*:*:*:*

OR cpe:/a:pivotal_software:spring_framework:5.3.13:*:*:*:*:*:*:*

OR cpe:/a:pivotal_software:spring_framework:5.3.14:*:*:*:*:*:*:*

OR cpe:/a:pivotal_software:spring_framework:5.3.15:*:*:*:*:*:*:*

OR cpe:/a:pivotal_software:spring_framework:5.3.16:*:*:*:*:*:*:*

OR cpe:/a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*

OR cpe:/a:pivotal_software:spring_framework:5.2.1:*:*:*:*:*:*:*

OR cpe:/a:pivotal_software:spring_framework:5.2.0:-:*:*:*:*:*:*

OR cpe:/a:pivotal_software:spring_framework:5.2.3:*:*:*:*:*:*:*

OR cpe:/a:pivotal_software:spring_framework:5.2.4:*:*:*:*:*:*:*

OR cpe:/a:pivotal_software:spring_framework:5.2.5:*:*:*:*:*:*:*

OR cpe:/a:pivotal_software:spring_framework:5.2.6:*:*:*:*:*:*:*

OR cpe:/a:pivotal_software:spring_framework:5.2.7:*:*:*:*:*:*:*

OR cpe:/a:pivotal_software:spring_framework:5.2.8:*:*:*:*:*:*:*

OR cpe:/a:pivotal_software:spring_framework:5.2.9:*:*:*:*:*:*:*

OR cpe:/a:vmware:spring_framework:5.2.10:*:*:*:*:*:*:*

OR cpe:/a:vmware:spring_framework:5.2.11:*:*:*:*:*:*:*

OR cpe:/a:vmware:spring_framework:5.2.12:*:*:*:*:*:*:*

OR cpe:/a:vmware:spring_framework:5.2.13:*:*:*:*:*:*:*

OR cpe:/a:vmware:spring_framework:5.2.14:*:*:*:*:*:*:*

OR cpe:/a:vmware:spring_framework:5.2.15:*:*:*:*:*:*:*

OR cpe:/a:vmware:spring_framework:5.2.16:*:*:*:*:*:*:*

OR cpe:/a:vmware:spring_framework:5.2.17:*:*:*:*:*:*:*

OR cpe:/a:vmware:spring_framework:5.2.18:*:*:*:*:*:*:*

OR cpe:/a:vmware:spring_framework:5.2.19:*:*:*:*:*:*:*

OR cpe:/a:vmware:spring_framework:5.3.18:*:*:*:*:*:*:*

OR cpe:/a:vmware:spring_framework:5.2.20:*:*:*:*:*:*:*

AND

cpe:/a:ibm:watson_explorer:11.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:11.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:11.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:12.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:12.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:12.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:12.0.3:*:deep_analytics:*:analytical_components:*:*:*

OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:*

OR cpe:/a:ibm:planning_analytics_workspace:2.0:*:*:*:*:*:*:*

Denotes that component is vulnerable