CVE-2022-22971

MEDIUM LAB

Vmware Spring Framework < 5.2.21 - Resource Allocation Without Limits

Title source: rule

Description

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.

Exploits (1)

nomisec WORKING POC 1 stars

by tchize · poc

https://github.com/tchize/CVE-2022-22971

View Code ZIP pw:eip

References (3)

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20220616-0003/

[Mitigation, Vendor Advisory] https://tanzu.vmware.com/security/cve-2022-22971

[Patch, Third Party Advisory] https://www.oracle.com/security-alerts/cpujul2022.html

Scores

CVSS v3 6.5

EPSS 0.0034

EPSS Percentile 56.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Lab Environment

COMMUNITY

Community Lab

docker pull rabbitmq:3.8-management

https://github.com/tchize/CVE-2022-22971

View in Library

Details

CWE

CWE-770

Status published

Products (6)

netapp/cloud_secure_agent

netapp/oncommand_insight

oracle/financial_services_crime_and_compliance_management_studio 8.0.8.2.0

oracle/financial_services_crime_and_compliance_management_studio 8.0.8.3.0

org.springframework/spring-messaging 5.3.0 - 5.3.20Maven

vmware/spring_framework 5.2.0 - 5.2.21

Published May 12, 2022

Tracked Since Feb 18, 2026