Severity
High
Analysis Summary
CVE-2022-31690
VMware Tanzu Spring Security could allow a remote attacker to gain elevated privileges on the system. By modifying a request initiated by the Client (via the browser) to the Authorization Server, an attacker could exploit this vulnerability to gain elevated privileges on the system.
Impact
Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2022-31690
Affected Vendors
VMware
Affected Products
- VMware Tanzu Spring Security 5.6.1
- VMware Tanzu Spring Security 5.6.2
- VMware Tanzu Spring Security 5.6.3
- VMware Tanzu Spring Security 5.6.4
- VMware Tanzu Spring Security 5.6.5
- VMware Tanzu Spring Security 5.6.6
- VMware Tanzu Spring Security 5.6.7
- VMware Tanzu Spring Security 5.6.8
Remediation
Refer to VMware Tanzu Website for patch, upgrade or suggested workaround information.