CVE-2021-22051
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer.
Las aplicaciones que usan Spring Cloud Gateway son vulnerables a unas peticiones específicamente diseñadas que podrían hacer una petición extra en los servicios posteriores. Los usuarios de las versiones afectadas deberían aplicar la siguiente mitigación: Los usuarios de la versión 3.0.x deben actualizar a la versión 3.0.5+, los usuarios de la versión 2.2.x deben actualizar a la versión 2.2.10.RELEASE o más reciente
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-01-04 CVE Reserved
- 2021-11-08 CVE Published
- 2023-06-01 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-863: Incorrect Authorization
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tanzu.vmware.com/security/cve-2021-22051 | 2021-11-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Vmware Search vendor "Vmware" | Spring Cloud Gateway Search vendor "Vmware" for product "Spring Cloud Gateway" | < 2.2.10 Search vendor "Vmware" for product "Spring Cloud Gateway" and version " < 2.2.10" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Spring Cloud Gateway Search vendor "Vmware" for product "Spring Cloud Gateway" | >= 3.0.0 < 3.0.5 Search vendor "Vmware" for product "Spring Cloud Gateway" and version " >= 3.0.0 < 3.0.5" | - |
Affected
| ||||||