CVE-2021-22096
springframework: malicious input leads to insertion of additional log entries
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
En Spring Framework versiones 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, y en versiones anteriores no soportadas, es posible para un usuario proporcionar una entrada maliciosa para causar una inserciĆ³n de entradas de registro adicionales
Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.12.1 serves as an update to Red Hat Decision Manager 7.12.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, information leakage, and traversal vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-04 CVE Reserved
- 2021-10-28 CVE Published
- 2024-08-03 CVE Updated
- 2025-07-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-117: Improper Output Neutralization for Logs
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20211125-0005 | Third Party Advisory |
|
| https://www.oracle.com/security-alerts/cpuapr2022.html | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tanzu.vmware.com/security/cve-2021-22096 | 2022-04-28 | |
| https://access.redhat.com/security/cve/CVE-2021-22096 | 2022-09-08 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2034584 | 2022-09-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Vmware Search vendor "Vmware" | Spring Framework Search vendor "Vmware" for product "Spring Framework" | >= 5.2.0 <= 5.2.17 Search vendor "Vmware" for product "Spring Framework" and version " >= 5.2.0 <= 5.2.17" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Spring Framework Search vendor "Vmware" for product "Spring Framework" | >= 5.3.0 <= 5.3.10 Search vendor "Vmware" for product "Spring Framework" and version " >= 5.3.0 <= 5.3.10" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | - | linux |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | - | vsphere |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | - | windows |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Management Services For Element Software And Netapp Hci Search vendor "Netapp" for product "Management Services For Element Software And Netapp Hci" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Metrocluster Tiebreaker Search vendor "Netapp" for product "Metrocluster Tiebreaker" | - | clustered_data_ontap |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Snap Creator Framework Search vendor "Netapp" for product "Snap Creator Framework" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Snapcenter Search vendor "Netapp" for product "Snapcenter" | - | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Cloud Native Core Console Search vendor "Oracle" for product "Communications Cloud Native Core Console" | 1.9.0 Search vendor "Oracle" for product "Communications Cloud Native Core Console" and version "1.9.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Cloud Native Core Service Communication Proxy Search vendor "Oracle" for product "Communications Cloud Native Core Service Communication Proxy" | 1.15.0 Search vendor "Oracle" for product "Communications Cloud Native Core Service Communication Proxy" and version "1.15.0" | - |
Affected
| ||||||