VMware CWE-863

VMware CWE-285

CWE-285 / Outside of 1003

In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass

In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.

https://spring.io/security/cve-2022-22978 [No Types Assigned]

https://security.netapp.com/advisory/ntap-20220707-0003/ [Third Party Advisory]

https://tanzu.vmware.com/security/cve-2022-22978 [Vendor Advisory]

https://www.oracle.com/security-alerts/cpujul2022.html [Patch, Third Party Advisory]

OR
     *cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
     *cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
     *cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*

OR
     *cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*

https://security.netapp.com/advisory/ntap-20220707-0003/ No Types Assigned

https://security.netapp.com/advisory/ntap-20220707-0003/ Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html No Types Assigned

https://www.oracle.com/security-alerts/cpujul2022.html Patch, Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html [No Types Assigned]

https://security.netapp.com/advisory/ntap-20220707-0003/ [No Types Assigned]

OR
     *cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:* versions from (including) 5.5.0 up to (including) 5.5.6
     *cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:* versions from (including) 5.6.0 up to (including) 5.6.3

OR
     *cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.7
     *cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:* versions from (including) 5.6.0 up to (excluding) 5.6.4

OR
     *cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:* versions from (including) 5.5.0 up to (including) 5.5.6
     *cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:* versions from (including) 5.6.0 up to (including) 5.6.3

NIST (AV:N/AC:L/Au:N/C:P/I:P/A:P)

NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NIST CWE-863

https://tanzu.vmware.com/security/cve-2022-22978 No Types Assigned

https://tanzu.vmware.com/security/cve-2022-22978 Vendor Advisory

In Spring Security versions 5.5.6 and 5.5.7 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.

In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass