CVE-2021-22118

HIGH

Spring Framework 5.2.0-5.2.14 - Authenticated Privilege Escalation via WebFlux Temporary Storage Directory


Description

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

References (7)

https://tanzu.vmware.com/security/cve-2021-22118 (Third Party Advisory; x_refsource_misc)
https://www.oracle.com//security-alerts/cpujul2021.html (Patch, Third Party Advisory; x_refsource_misc)
https://security.netapp.com/advisory/ntap-20210713-0005/ (Third Party Advisory; x_refsource_confirm)
https://www.oracle.com/security-alerts/cpuoct2021.html (Patch, Third Party Advisory; x_refsource_misc)
https://www.oracle.com/security-alerts/cpujan2022.html (Patch, Third Party Advisory; x_refsource_misc)
https://www.oracle.com/security-alerts/cpuapr2022.html (Patch, Third Party Advisory; x_refsource_misc)
https://www.oracle.com/security-alerts/cpujul2022.html (Patch, Third Party Advisory; x_refsource_misc)

Scores

CVSS v3 7.8
EPSS 0.0025
EPSS Percentile 48.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-269 CWE-668
Status published
Products (48)
netapp/hci
netapp/management_services_for_element_software
oracle/commerce_guided_search 11.3.2
oracle/communications_brm_-_elastic_charging_engine 12.0.0.3
oracle/communications_cloud_native_core_binding_support_function 1.9.0
oracle/communications_cloud_native_core_policy 1.14.0
oracle/communications_cloud_native_core_security_edge_protection_proxy 1.6.0
oracle/communications_cloud_native_core_service_communication_proxy 1.14.0
oracle/communications_cloud_native_core_unified_data_repository 1.14.0
oracle/communications_diameter_intelligence_hub 8.0.0 - 8.1.0
... and 38 more
Published May 27, 2021
Tracked Since Feb 18, 2026