Rewterz Threat Alert – Massive Hacking Campaign Compromised Several WordPress Websites – Active IOCs
May 16, 2022Rewterz Threat Advisory – CVE-2022-0005 – Intel Software Guard Extensions (SGX) Platform Vulnerability
May 16, 2022Rewterz Threat Alert – Massive Hacking Campaign Compromised Several WordPress Websites – Active IOCs
May 16, 2022Rewterz Threat Advisory – CVE-2022-0005 – Intel Software Guard Extensions (SGX) Platform Vulnerability
May 16, 2022Severity
Medium
Analysis Summary
CVE-2022-22970 CVSS:6.5
Vmware Tanzu Spring Framework is vulnerable to a denial of service, caused by a flaw in the handling of file uploads. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2022-22971 CVSS:6.5
Vmware Tanzu Spring Framework is vulnerable to a denial of service, caused by a flaw with a STOMP over WebSocket endpoint. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition
Impact
- Denial of Service
Indicators Of Compromise
CVE
CVE-2022-22970
CVE-2022-22971
Affected Vendors
VMware
Affected Products
- VMware Tanzu Spring Framework 5.2.0
- VMware Tanzu Spring Framework 5.3.0
- VMware Tanzu Spring Framework 5.2.21
- VMware Tanzu Spring Framework 5.3.19
Remediation
Refer to VMware Tanzu Web site for patch, upgrade or suggested workaround information.