CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22247
https://notcve.org/view.php?id=CVE-2024-22247
02 Apr 2024 — VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. A malicious actor with physical access to the SD-WAN Edge appliance during activation can potentially exploit this vulnerability to access the BIOS configuration. In addition, the malicious actor may be able to exploit the default boot priority configured. VMware SD-WAN Edge contiene una vulnerabilidad de mecanismo de autenticación y protección faltante. Un actor malintencionado con acceso físico al dispositivo SD-W... • https://www.vmware.com/security/advisories/VMSA-2024-0008.html • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22246
https://notcve.org/view.php?id=CVE-2024-22246
02 Apr 2024 — VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution. A malicious actor with local access to the Edge Router UI during activation may be able to perform a command injection attack that could lead to full control of the router. VMware SD-WAN Edge contiene una vulnerabilidad de inyección de comandos no autenticados que podría conducir a la ejecución remota de código. Un actor malintencionado con acceso local a la interfaz de usuario del Ro... • https://www.vmware.com/security/advisories/VMSA-2024-0008.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-20899
https://notcve.org/view.php?id=CVE-2023-20899
06 Jul 2023 — VMware SD-WAN (Edge) contains a bypass authentication vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management. • https://www.vmware.com/security/advisories/VMSA-2023-0015.html • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 94%CPEs: 97EXPL: 82CVE-2022-22965 – Spring Framework JDK 9+ Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-22965
01 Apr 2022 — A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. Una aplicación Spring MVC o Spring WebFlux que es ejecutada en JDK 9+ puede ser ... • https://packetstorm.news/files/id/167011 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 94%CPEs: 47EXPL: 32CVE-2022-22963 – VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-22963
31 Mar 2022 — In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. En Spring Cloud Function versiones 3.1.6, 3.2.2 y versiones anteriores no soportadas, cuando es usada la funcionalidad routing es posible que un usuario proporcione un SpEL especialmente diseñado como expresión de enrutamiento que puede resul... • https://packetstorm.news/files/id/173430 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •