Directory Hijacking Vulnerability in Spring Boot by VMware
CVE-2022-27772
7.8HIGH
Key Information:
- Vendor
- Vmware
- Status
- Vendor
- CVE Published:
- 30 March 2022
Badges
👾 Exploit Exists🟡 Public PoC
Summary
The vulnerability allows unauthorized access to the temporary directory used by the Spring Boot application, potentially enabling malicious actors to manipulate or access sensitive data. Affected versions are those prior to v2.2.11.RELEASE and no longer supported by the maintainer, raising concerns for users relying on these outdated systems. It is crucial for organizations to update their Spring Boot instances to mitigate risks associated with this vulnerability.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved