CVE-2021-22096

MEDIUM

Spring Framework <5.3.11-<5.2.18 - Info Disclosure

Title source: llm

Description

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

References (3)

[Vendor Advisory] https://tanzu.vmware.com/security/cve-2021-22096

[Third Party Advisory] https://www.oracle.com/security-alerts/cpuapr2022.html

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20211125-0005/

Scores

CVSS v3 4.3

EPSS 0.0022

EPSS Percentile 44.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-117

Status published

Products (10)

netapp/active_iq_unified_manager (3 CPE variants)

netapp/management_services_for_element_software_and_netapp_hci

netapp/metrocluster_tiebreaker

netapp/snap_creator_framework

netapp/snapcenter

oracle/communications_cloud_native_core_console 1.9.0

oracle/communications_cloud_native_core_service_communication_proxy 1.15.0

org.springframework/spring 5.2.0 - 5.2.18Maven

org.springframework/spring-core 5.3.0 - 5.3.11Maven

vmware/spring_framework 5.2.0 - 5.2.17

Published Oct 28, 2021

Tracked Since Feb 18, 2026