CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-31679

Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 49.5%

CVSS Severity

CVSS v3 Score 3.7

References

https://tanzu.vmware.com/security/cve-2022-31679
https://tanzu.vmware.com/security/cve-2022-31679

Products affected by CVE-2022-31679

Vmware » Spring Data Rest » Version: 3.6.0

cpe:2.3:a:vmware:spring_data_rest:3.6.0
Vmware » Spring Data Rest » Version: 3.6.6

cpe:2.3:a:vmware:spring_data_rest:3.6.6
Vmware » Spring Data Rest » Version: 3.7.0

cpe:2.3:a:vmware:spring_data_rest:3.7.0
Vmware » Spring Data Rest » Version: 3.7.2

cpe:2.3:a:vmware:spring_data_rest:3.7.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-31679

Products

Pricing

Contact Us