Cyberattacks Escalate in Middle East Due to Rising Tension Between Nations
April 16, 2024Threat Actor Claims to Sell Database of Mossad and Israeli Ministry of Foreign Affairs
April 17, 2024Cyberattacks Escalate in Middle East Due to Rising Tension Between Nations
April 16, 2024Threat Actor Claims to Sell Database of Mossad and Israeli Ministry of Foreign Affairs
April 17, 2024Severity
High
Analysis Summary
CVE-2024-22262
VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in UriComponentsBuilder. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites.
Impact
- Information Theft
Indicators of Compromise
CVE
- CVE-2024-22262
Affected Vendors
Affected Products
- VMware Tanzu Spring Framework 5.3.0
- VMware Tanzu Spring Framework 6.0.0
- VMware Tanzu Spring Framework 6.1.0
- VMware Tanzu Spring Framework 5.3.33
- VMware Tanzu Spring Framework 6.0.18
- VMware Tanzu Spring Framework 6.1.5
Remediation
Refer to VMware Security Advisories for patch, upgrade or suggested workaround information.