CVE-2022-43484

CVSS V2: None | CVSS V3: None
Description
TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable to ClassLoader manipulation because they use an old version of Spring Framework that contains the vulnerability. The vulnerability is caused by improper input validation in the binding mechanism of Spring MVC. If the application processes a specially crafted file, arbitrary code may be executed with the privileges of the application.
Overview
  • CVE ID: CVE-2022-43484
  • Assigner: vultures@jpcert.or.jp
  • Vulnerability Status: Analyzed
  • Published Version: 2022-12-05T04:15:10
  • Last Modified Date: 2022-12-21T16:19:21
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End
cpe:2.3:a:nttdata:terasoluna_global_framework:1.0.0:*:*:*:public_review:*:*:* | 1 | OR | |
cpe:2.3:a:nttdata:terasoluna_server_framework_for_java_\(rich\):*:*:*:*:*:*:*:* | 1 | OR | 2.0.0.2 | 2.0.5.1
References
Reference URL | Reference Tags
http://terasolunaorg.github.io/vulnerability/cve-2022-43484.html | Exploit, Mitigation, Third Party Advisory
https://jvn.jp/en/jp/JVN54728399/index.html | Third Party Advisory
https://osdn.net/projects/terasoluna/wiki/cve-2022-43484 | Mitigation, Third Party Advisory
History
Created Old Value New Value Data Type Notes
2022-12-07 18:06:26 Added to TrackCVE
2022-12-21 16:15:28 2022-12-05T04:15:10.343 2022-12-05T04:15:10 CVE Published Date updated
2022-12-21 16:15:28 2022-12-06T21:05:29 CVE Modified Date updated
2022-12-21 16:15:28 Analyzed Undergoing Analysis Vulnerability Status updated
2022-12-21 17:14:47 2022-12-21T16:19:21 CVE Modified Date updated
2022-12-21 17:14:47 Undergoing Analysis Analyzed Vulnerability Status updated