{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T23:53:00.128","vulnerabilities":[{"cve":{"id":"CVE-2021-22060","sourceIdentifier":"security@vmware.com","published":"2022-01-10T14:10:16.680","lastModified":"2024-11-21T05:49:31.040","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase."},{"lang":"es","value":"En Spring Framework versiones 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, y en las versiones anteriores no soportadas, es posible que un usuario proporcione una entrada maliciosa que cause una inserción de entradas de registro adicionales. Se trata de un seguimiento de CVE-2021-22096 que protege contra tipos adicionales de entrada y en más lugares de la base de código de Spring Framework"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2.0","versionEndIncluding":"5.2.18","matchCriteriaId":"40A4C428-885A-4230-B690-497F5A529523"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.0","versionEndIncluding":"5.3.13","matchCriteriaId":"B362C053-E88C-4118-96C3-F6C8C1DE5948"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*","matchCriteriaId":"DAAB7154-4DE8-4806-86D0-C1D33B84417B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*","matchCriteriaId":"175B97A7-0B00-4378-AD9F-C01B6D9FD570"}]}]}],"references":[{"url":"https://tanzu.vmware.com/security/cve-2021-22060","source":"security@vmware.com","tags":["Vendor Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"security@vmware.com","tags":["Third Party Advisory"]},{"url":"https://tanzu.vmware.com/security/cve-2021-22060","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}