7.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-22118

GHSA ID

GHSA-gfwj-fwqj-fp3v

EPSS Score

0.48585%

CWE

CWE-269

Published

5/24/2022

Updated

7/19/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-22118

CVE-2021-22118:
Improper Privilege Management in Spring Framework

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

(GitHub Advisory)

7.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-22118

GHSA ID

GHSA-gfwj-fwqj-fp3v

EPSS Score

0.48585%

CWE

CWE-269

Published

5/24/2022

Updated

7/19/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.springframework:spring-web	maven	>= 5.2.0, <= 5.2.14	5.2.15
org.springframework:spring-web	maven	>= 5.3.0, <= 5.3.6	5.3.7

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

In Sprin* *r*m*work, v*rsions *.*.x prior to *.*.** *n* v*rsions *.*.x prior to *.*.*, * W***lux *ppli**tion is vuln*r**l* to * privil*** *s**l*tion: *y (r*)*r**tin* t** t*mpor*ry stor*** *ir**tory, * lo**lly *ut**nti**t** m*li*ious us*r **n r*** or

Reasoning

No *n*lysis *v*il**l*

7.8

Basic Information

Concerned about an active attack path?

CVE-2021-22118: Improper Privilege Management in Spring Framework

7.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

CVE-2021-22118:
Improper Privilege Management in Spring Framework

Vulnerability Intelligence
Miggo AI