CVE-2021-22096

Improper Output Neutralization for Logs (CWE-117)

Published: Oct 28, 2021 / Updated: 36mo ago

010
CVSS 4.3EPSS 0.08%Medium
CVE info copied to clipboard

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Timeline

First Article

Feedly found the first article mentioning CVE-2021-22096. See article

Oct 26, 2021 at 6:03 PM / pivotal.io
EPSS

EPSS Score was set to: 0.08% (Percentile: 33%)

Oct 7, 2023 at 12:41 AM
Static CVE Timeline Graph

Affected Systems

Netapp/metrocluster_tiebreaker
+null more

Patches

Oracle
+null more

Links to Mitre Att&cks

T1070: Indicator Removal on Host
+null more

Attack Patterns

CAPEC-268: Audit Log Manipulation
+null more

Vendor Advisory

Oracle Critical Patch Update Advisory - April 2022

References

Oracle Critical Patch Update Advisory - April 2022
CVE-2021-22060
Vulnerability Summary for the Week of January 10, 2022
Original release date: January 17, 2022 High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info agoric -- realms-shim All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector. 2022-01-10 7.5 CVE-2021-23543 MISC MISC agoric -- realms-shim All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector. 2022-01-10 7.5 CVE-2021-23594 MISC MISC checkpoint -- endpoint_security Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges. 2022-01-10 7.2 CVE-2021-30360 MISC MISC chshcms -- cscms cscms v4.1 allows for SQL injection via the "page_del" function. 2022-01-11 7.5 CVE-2020-28103 MISC chshcms -- cscms cscms v4.1 allows for SQL injection via the "js_del" function. 2022-01-11 7.5 CVE-2020-28102 MISC cisco -- unified_contact_center_express A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges to Administrator. This vulnerability is due to the lack of server-side validation of user permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to a vulnerable system.
See 1 more references

News

Multiple vulnerabilities in IBM MobileFirst Platform Foundation
A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. The vulnerability allows a remote attacker to execute arbitrary code on the target system.
Multiple vulnerabilities in IBM Integration Designer
The vulnerability exists due to insecure input validation when processing serialized data between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system. A remote attacker can send a specially crafted request that submits malicious input, conduct an XXE attack to access sensitive information, bypass security restrictions, or cause a denial of service (DoS) condition on the targeted system.
Multiple vulnerabilities in IBM Storage Protect Plus Server
The vulnerability allows a local user to perform a denial of service (DoS) attack. The vulnerability allows a local user to perform a denial of service (DoS) attack.
Security Bulletin: Vulnerabilities in Spring, Tomcat, Jackson, sudo, and Linux kernel can affect IBM Spectrum Protect Plus
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds read flaw in the smbCalcSize function in fs/smb/client/netmisc.c. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to crash the system or obtain internal kernel information. DESCRIPTION: Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the IGB driver in drivers/net/ethernet/intel/igb/igb_main.c. By sending a specially crafted request, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system.
Multiple vulnerabilities in IBM Engineering Requirements Management DOORS/DWA
A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
See 84 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:None
Integrity:Low
Availability Impact:None

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI