In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
2021-10-28T16:15:07.733
2024-11-21T05:49:31.290
Modified
CVSSv3.1: 4.3 (MEDIUM)
AV:N/AC:L/Au:S/C:N/I:P/A:N
8.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | vmware | spring_framework | ≤ 5.2.17 | Yes |
| Application | vmware | spring_framework | ≤ 5.3.10 | Yes |
| Application | netapp | active_iq_unified_manager | - | Yes |
| Application | netapp | active_iq_unified_manager | - | Yes |
| Application | netapp | active_iq_unified_manager | - | Yes |
| Application | netapp | management_services_for_element_software_and_netapp_hci | - | Yes |
| Application | netapp | metrocluster_tiebreaker | - | Yes |
| Application | netapp | snap_creator_framework | - | Yes |
| Application | netapp | snapcenter | - | Yes |
| Application | oracle | communications_cloud_native_core_console | 1.9.0 | Yes |
| Application | oracle | communications_cloud_native_core_service_communication_proxy | 1.15.0 | Yes |