Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for metrocluster_tiebreaker by netapp

    CVE-2022-22968 (GCVE-0-2022-22968)

    Vulnerability from nvd – Published: 2022-04-14 20:05 – Updated: 2024-08-03 03:28
    VLAI
    Summary
    In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
    Severity
    No CVSS data available.
    CWE
    • Data Binding Rules Vulnerability
    Assigner
    Impacted products
    Vendor Product Version
    n/a Spring Framework Affected: Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:28:42.847Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://tanzu.vmware.com/security/cve-2022-22968"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220602-0004/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Spring Framework",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Data Binding Rules Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-25T16:47:10.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://tanzu.vmware.com/security/cve-2022-22968"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20220602-0004/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "ID": "CVE-2022-22968",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Spring Framework",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Data Binding Rules Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tanzu.vmware.com/security/cve-2022-22968",
                  "refsource": "MISC",
                  "url": "https://tanzu.vmware.com/security/cve-2022-22968"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20220602-0004/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20220602-0004/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2022-22968",
        "datePublished": "2022-04-14T20:05:50.000Z",
        "dateReserved": "2022-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:28:42.847Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22096 (GCVE-0-2021-22096)

    Vulnerability from nvd – Published: 2021-10-28 15:22 – Updated: 2024-08-03 18:30
    VLAI
    Summary
    In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
    Severity
    No CVSS data available.
    CWE
    • CWE-117 - Improper Output Neutralization for Logs
    Assigner
    Impacted products
    Vendor Product Version
    n/a Spring Framework Affected: Spring Framework versions 5.3.x prior to 5.3.12+, 5.2.x prior to 5.2.18+ and all older unsupported versions are impacted.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:30:23.932Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://tanzu.vmware.com/security/cve-2021-22096"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20211125-0005/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Spring Framework",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Spring Framework versions 5.3.x prior to 5.3.12+, 5.2.x prior to  5.2.18+ and all older unsupported versions are impacted."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-117",
                  "description": "CWE-117: Improper Output Neutralization for Logs",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T23:24:13.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://tanzu.vmware.com/security/cve-2021-22096"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20211125-0005/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "ID": "CVE-2021-22096",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Spring Framework",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Spring Framework versions 5.3.x prior to 5.3.12+, 5.2.x prior to  5.2.18+ and all older unsupported versions are impacted."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-117: Improper Output Neutralization for Logs"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tanzu.vmware.com/security/cve-2021-22096",
                  "refsource": "MISC",
                  "url": "https://tanzu.vmware.com/security/cve-2021-22096"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20211125-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20211125-0005/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2021-22096",
        "datePublished": "2021-10-28T15:22:35.000Z",
        "dateReserved": "2021-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:30:23.932Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-6820 (GCVE-0-2016-6820)

    Vulnerability from nvd – Published: 2017-01-11 16:00 – Updated: 2024-08-06 01:43
    VLAI
    Summary
    MetroCluster Tiebreaker for clustered Data ONTAP in versions before 1.2 discloses sensitive information in cleartext which may be viewed by an unauthenticated user.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-08-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:43:37.686Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "92495",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/92495"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20160816-0001/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kb.netapp.com/support/s/article/cve-2016-6820-sensitive-information-disclosure-in-metrocluster-tiebreaker-for-clustered-data-ontap?language=en_US"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-08-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "MetroCluster Tiebreaker for clustered Data ONTAP in versions before 1.2 discloses sensitive information in cleartext which may be viewed by an unauthenticated user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-15T10:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "92495",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/92495"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20160816-0001/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kb.netapp.com/support/s/article/cve-2016-6820-sensitive-information-disclosure-in-metrocluster-tiebreaker-for-clustered-data-ontap?language=en_US"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-6820",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "MetroCluster Tiebreaker for clustered Data ONTAP in versions before 1.2 discloses sensitive information in cleartext which may be viewed by an unauthenticated user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "92495",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/92495"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20160816-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20160816-0001/"
                },
                {
                  "name": "https://kb.netapp.com/support/s/article/cve-2016-6820-sensitive-information-disclosure-in-metrocluster-tiebreaker-for-clustered-data-ontap?language=en_US",
                  "refsource": "CONFIRM",
                  "url": "https://kb.netapp.com/support/s/article/cve-2016-6820-sensitive-information-disclosure-in-metrocluster-tiebreaker-for-clustered-data-ontap?language=en_US"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-6820",
        "datePublished": "2017-01-11T16:00:00.000Z",
        "dateReserved": "2016-08-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:43:37.686Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22968 (GCVE-0-2022-22968)

    Vulnerability from cvelistv5 – Published: 2022-04-14 20:05 – Updated: 2024-08-03 03:28
    VLAI
    Summary
    In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
    Severity
    No CVSS data available.
    CWE
    • Data Binding Rules Vulnerability
    Assigner
    Impacted products
    Vendor Product Version
    n/a Spring Framework Affected: Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:28:42.847Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://tanzu.vmware.com/security/cve-2022-22968"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220602-0004/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Spring Framework",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Data Binding Rules Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-25T16:47:10.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://tanzu.vmware.com/security/cve-2022-22968"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20220602-0004/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "ID": "CVE-2022-22968",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Spring Framework",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Data Binding Rules Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tanzu.vmware.com/security/cve-2022-22968",
                  "refsource": "MISC",
                  "url": "https://tanzu.vmware.com/security/cve-2022-22968"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20220602-0004/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20220602-0004/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2022-22968",
        "datePublished": "2022-04-14T20:05:50.000Z",
        "dateReserved": "2022-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:28:42.847Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22096 (GCVE-0-2021-22096)

    Vulnerability from cvelistv5 – Published: 2021-10-28 15:22 – Updated: 2024-08-03 18:30
    VLAI
    Summary
    In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
    Severity
    No CVSS data available.
    CWE
    • CWE-117 - Improper Output Neutralization for Logs
    Assigner
    Impacted products
    Vendor Product Version
    n/a Spring Framework Affected: Spring Framework versions 5.3.x prior to 5.3.12+, 5.2.x prior to 5.2.18+ and all older unsupported versions are impacted.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:30:23.932Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://tanzu.vmware.com/security/cve-2021-22096"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20211125-0005/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Spring Framework",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Spring Framework versions 5.3.x prior to 5.3.12+, 5.2.x prior to  5.2.18+ and all older unsupported versions are impacted."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-117",
                  "description": "CWE-117: Improper Output Neutralization for Logs",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T23:24:13.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://tanzu.vmware.com/security/cve-2021-22096"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20211125-0005/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "ID": "CVE-2021-22096",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Spring Framework",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Spring Framework versions 5.3.x prior to 5.3.12+, 5.2.x prior to  5.2.18+ and all older unsupported versions are impacted."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-117: Improper Output Neutralization for Logs"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tanzu.vmware.com/security/cve-2021-22096",
                  "refsource": "MISC",
                  "url": "https://tanzu.vmware.com/security/cve-2021-22096"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20211125-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20211125-0005/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2021-22096",
        "datePublished": "2021-10-28T15:22:35.000Z",
        "dateReserved": "2021-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:30:23.932Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-6820 (GCVE-0-2016-6820)

    Vulnerability from cvelistv5 – Published: 2017-01-11 16:00 – Updated: 2024-08-06 01:43
    VLAI
    Summary
    MetroCluster Tiebreaker for clustered Data ONTAP in versions before 1.2 discloses sensitive information in cleartext which may be viewed by an unauthenticated user.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-08-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:43:37.686Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "92495",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/92495"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20160816-0001/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kb.netapp.com/support/s/article/cve-2016-6820-sensitive-information-disclosure-in-metrocluster-tiebreaker-for-clustered-data-ontap?language=en_US"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-08-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "MetroCluster Tiebreaker for clustered Data ONTAP in versions before 1.2 discloses sensitive information in cleartext which may be viewed by an unauthenticated user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-15T10:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "92495",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/92495"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20160816-0001/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kb.netapp.com/support/s/article/cve-2016-6820-sensitive-information-disclosure-in-metrocluster-tiebreaker-for-clustered-data-ontap?language=en_US"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-6820",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "MetroCluster Tiebreaker for clustered Data ONTAP in versions before 1.2 discloses sensitive information in cleartext which may be viewed by an unauthenticated user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "92495",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/92495"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20160816-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20160816-0001/"
                },
                {
                  "name": "https://kb.netapp.com/support/s/article/cve-2016-6820-sensitive-information-disclosure-in-metrocluster-tiebreaker-for-clustered-data-ontap?language=en_US",
                  "refsource": "CONFIRM",
                  "url": "https://kb.netapp.com/support/s/article/cve-2016-6820-sensitive-information-disclosure-in-metrocluster-tiebreaker-for-clustered-data-ontap?language=en_US"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-6820",
        "datePublished": "2017-01-11T16:00:00.000Z",
        "dateReserved": "2016-08-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:43:37.686Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }