{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-13T19:44:11.253","vulnerabilities":[{"cve":{"id":"CVE-2024-22259","sourceIdentifier":"security@vmware.com","published":"2024-03-16T05:15:20.830","lastModified":"2025-06-10T15:55:48.787","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a  open redirect https://cwe.mitre.org/data/definitions/601.html  attack or to a SSRF attack if the URL is used after passing validation checks.\n\nThis is the same as  CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input."},{"lang":"es","value":"Las aplicaciones que utilizan UriComponentsBuilder en Spring Framework para analizar una URL proporcionada externamente (por ejemplo, a través de un parámetro de consulta) Y realizan comprobaciones de validación en el host de la URL analizada pueden ser vulnerables a una redirección abierta https://cwe.mitre.org/data/ definiciones/601.html o a un ataque SSRF si la URL se utiliza después de pasar las comprobaciones de validación. Esto es lo mismo que CVE-2024-22243 https://spring.io/security/cve-2024-22243, pero con entradas diferentes."}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionEndExcluding":"5.3.33","matchCriteriaId":"265CE42F-68C0-46AD-80E8-382D052833E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.0.18","matchCriteriaId":"1C1F744C-2328-45FA-BA6F-EAC3AA1E4FC6"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.0","versionEndExcluding":"6.1.5","matchCriteriaId":"D4C4F614-8E7A-4FFE-BC70-1728739E8E3C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*","matchCriteriaId":"F3E0B672-3E06-4422-B2A4-0BD073AEC2A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*","matchCriteriaId":"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*","matchCriteriaId":"B55E8D50-99B4-47EC-86F9-699B67D473CE"}]}]}],"references":[{"url":"https://security.netapp.com/advisory/ntap-20240524-0002/","source":"security@vmware.com","tags":["Third Party Advisory"]},{"url":"https://spring.io/security/cve-2024-22259","source":"security@vmware.com","tags":["Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20240524-0002/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://spring.io/security/cve-2024-22259","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}