ID

VAR-202111-0105


CVE

CVE-2021-22051


TITLE

Fraud related to unauthorized authentication in Spring Cloud Gateway

Trust: 0.8

sources: JVNDB: JVNDB-2021-014750

DESCRIPTION

Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer. A fraudulent authentication vulnerability exists in Spring Cloud Gateway. Information may be tampered with.

Trust: 1.71

sources: NVD: CVE-2021-22051 // JVNDB: JVNDB-2021-014750 // VULHUB: VHN-380460

AFFECTED PRODUCTS

vendor: vmware, model: spring cloud gateway, scope: lt, version: 3.0.5

Trust: 1.0

vendor: vmware, model: spring cloud gateway, scope: lt, version: 2.2.10

Trust: 1.0

vendor: vmware, model: spring cloud gateway, scope: gte, version: 3.0.0

Trust: 1.0

vendor: vmware, model: spring cloud gateway, scope: eq, version: 2.2.10

Trust: 0.8

vendor: vmware, model: spring cloud gateway, scope: eq, version: 3.0.5+

Trust: 0.8

vendor: vmware, model: spring cloud gateway, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-014750 // NVD: CVE-2021-22051

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22051
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-22051
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202111-678
value: MEDIUM

Trust: 0.6

VULHUB: VHN-380460
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-22051
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-380460
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-22051
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-22051
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-380460 // JVNDB: JVNDB-2021-014750 // CNNVD: CNNVD-202111-678 // NVD: CVE-2021-22051

PROBLEMTYPE DATA

problemtype: CWE-863

Trust: 1.1

problemtype: Illegal authentication (CWE-863) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-380460 // JVNDB: JVNDB-2021-014750 // NVD: CVE-2021-22051

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-678

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202111-678

PATCH

title: CVE-2021-22051, url: https://tanzu.vmware.com/security/cve-2021-22051

Trust: 0.8

title: Spring Cloud Gateway Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=169343

Trust: 0.6

sources: JVNDB: JVNDB-2021-014750 // CNNVD: CNNVD-202111-678

EXTERNAL IDS

db: NVD, id: CVE-2021-22051

Trust: 3.3

db: JVNDB, id: JVNDB-2021-014750

Trust: 0.8

db: CNNVD, id: CNNVD-202111-678

Trust: 0.6

db: VULHUB, id: VHN-380460

Trust: 0.1

sources: VULHUB: VHN-380460 // JVNDB: JVNDB-2021-014750 // CNNVD: CNNVD-202111-678 // NVD: CVE-2021-22051

REFERENCES

url: https://tanzu.vmware.com/security/cve-2021-22051

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-22051

Trust: 0.8

sources: VULHUB: VHN-380460 // JVNDB: JVNDB-2021-014750 // CNNVD: CNNVD-202111-678 // NVD: CVE-2021-22051

SOURCES

db: VULHUB, id: VHN-380460
db: JVNDB, id: JVNDB-2021-014750
db: CNNVD, id: CNNVD-202111-678
db: NVD, id: CVE-2021-22051

LAST UPDATE DATE

2024-08-14T14:25:08.516000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-380460, date: 2021-11-09T00:00:00
db: JVNDB, id: JVNDB-2021-014750, date: 2022-10-27T04:52:00
db: CNNVD, id: CNNVD-202111-678, date: 2021-11-10T00:00:00
db: NVD, id: CVE-2021-22051, date: 2021-11-09T22:13:10.783

SOURCES RELEASE DATE

db: VULHUB, id: VHN-380460, date: 2021-11-08T00:00:00
db: JVNDB, id: JVNDB-2021-014750, date: 2022-10-27T00:00:00
db: CNNVD, id: CNNVD-202111-678, date: 2021-11-08T00:00:00
db: NVD, id: CVE-2021-22051, date: 2021-11-08T14:15:07.860