Vulnerability CVE-2022-22971 - CERT Civis.Net

Vulnerability Name:

CVE-2022-22971 (CCN-226492)

Assigned:

2022-05-11

Published:

2022-05-11

Updated:

2022-10-05

Summary:

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.

CVSS v3 Severity:

6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2022-22971

Source: XF
Type: UNKNOWN
vmwaretanzu-cve202222971-dos(226492)

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20220616-0003/

Source: CCN
Type: VMware Tanzu Web site
CVE-2022-22971: Spring Framework DoS with STOMP over WebSocket

Source: MISC
Type: Mitigation, Vendor Advisory
https://tanzu.vmware.com/security/cve-2022-22971

Source: CCN
Type: IBM Security Bulletin 6584219 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Spring Framework

Source: CCN
Type: IBM Security Bulletin 6590869 (SPSS Collaboration and Deployment Services)
Multiple vulnerabilities in Spring Framework affect SPSS Collaboration and Deployment Services

Source: CCN
Type: IBM Security Bulletin 6591061 (Watson Explorer)
Vulnerability in Spring Framework affects IBM Watson Explorer (CVE-2022-22971, CVE-2022-22968, CVE-2022-22970)

Source: CCN
Type: IBM Security Bulletin 6606947 (Common Licensing)
IBM Common Licensing is vulnerable by a remote code attack in Spring Framework and Apache Commons(CVE-2022-22970,CVE-2022-22971,CVE-2022-33980)

Source: CCN
Type: IBM Security Bulletin 6610084 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Log4j 1.x

Source: CCN
Type: IBM Security Bulletin 6619837 (Sterling Control Center)
IBM Sterling Control Center is vulnerable to denial of service by authenticated user due to Spring Framework (CVE-2022-22971)

Source: CCN
Type: IBM Security Bulletin 6620933 (Rational Test Virtualization Server)
Rational Test Control Panel component in Rational Test Virtualization Server and Rational Test Workbench is vulnerable to a denial of service attack in Spring Framework (CVE-2022-22971)

Source: CCN
Type: IBM Security Bulletin 6734151 (Sterling Partner Engagement Manager)
IBM Sterling Partner Engagement Manager is vulnerable to a denial of service due to Vmware Tanzu Spring Framework (CVE-2022-22971)

Source: CCN
Type: IBM Security Bulletin 6967333 (QRadar SIEM)
IBM QRadar SIEM includes components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6982841 (Netcool Operations Insight)
Netcool Operations Insight v1.6.8 addresses multiple security vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6984347 (Engineering Requirements Management DOORS)
IBM Engineering Requirements Management DOORS/DWA vulnerabilities fixes for 9.7.2.6

Source: CCN
Type: Oracle CPUJul2022
Oracle Critical Patch Update Advisory - July 2022

Source: N/A
Type: Patch, Third Party Advisory
N/A

Vulnerable Configuration:

Configuration 1:

cpe:/a:vmware:spring_framework:*:*:*:*:*:*:*:* (Version >= 5.2.0 and <= 5.2.21)

OR cpe:/a:vmware:spring_framework:*:*:*:*:*:*:*:* (Version >= 5.3.0 and <= 5.3.19)

Configuration 2:

cpe:/a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ibm:watson_explorer:11.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:11.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:11.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:12.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:9.2.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:12.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:12.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:12.0.3:*:deep_analytics:*:analytical_components:*:*:*

OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_partner_engagement_manager:6.1:*:*:*:*:*:*:*

Denotes that component is vulnerable