Vulnerability Details : CVE-2022-43484
TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability because they use an old version of Spring Framework that contains the vulnerability. The vulnerability is caused by an improper input validation issue in the binding mechanism of Spring MVC. If the application processes a specially crafted file, arbitrary code may be executed with the privileges of the application.
Vulnerability category: Input validation
Products affected by CVE-2022-43484
- Nttdata » Terasoluna Server Framework For Java (rich), versions from 2.0.0.2 (inclusive, >=) up to 2.0.5.1 (inclusive, <=)
  cpe:2.3:a:nttdata:terasoluna_server_framework_for_java_\(rich\):*:*:*:*:*:*:*:*
- cpe:2.3:a:nttdata:terasoluna_global_framework:1.0.0:*:*:*:public_review:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-43484
- 0.09%: probability of exploitation activity in the next 30 days
- ~ 40%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-43484
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2022-43484
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-43484
- https://jvn.jp/en/jp/JVN54728399/index.html
  JVN#54728399: TERASOLUNA Global Framework and TERASOLUNA Server Framework for Java (Rich) vulnerable to ClassLoader manipulation (Third Party Advisory)
- http://terasolunaorg.github.io/vulnerability/cve-2022-43484.html
  About CVE-2022-43484 (Exploit; Mitigation; Third Party Advisory)
- https://osdn.net/projects/terasoluna/wiki/cve-2022-43484
  cve-2022-43484 - TERASOLUNA Framework Wiki - TERASOLUNA Framework - OSDN (Mitigation; Third Party Advisory)