CVE-2021-22047

Published: Oct 28, 2021Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration.

Affected (2)

Products: Vmware: Spring Data Rest

1 product

Spring Data Rest

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Vmware Spring Data Rest	From 3.4.0 to 3.4.13
Vmware Spring Data Rest	From 3.5.0 to 3.5.5

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (2)

https://tanzu.vmware.com/security/cve-2021-22047

Source: security@vmware.com

Vendor Advisory

https://tanzu.vmware.com/security/cve-2021-22047

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.