Summary
VMware security updates address a vulnerability in Spring, a popular open source framework for developing Java applications. If exploited, this vulnerability could allow access to sensitive information on affected systems.
Note (updated 12/20/2024): a Proof of Concept (PoC) for exploiting the vulnerability is available online.
Risk
Vulnerability Impact Estimated on the Reference Community: Medium (63.46) [1]
Type
- Arbitrary File Write/Read
- Information Disclosure
Affected Products and Versions
Spring Framework
- 5.3.x, versions prior to 5.3.40
- 6.0.x, versions prior to 6.0.24
- 6.1.x, versions prior to 6.1.13
- All earlier branches, which are no longer supported
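As an added example (not part of this advisory or of the Spring project), a small Python check that flags whether a Spring Framework version string falls inside the affected ranges listed above. The jar file names and the version inventory are constructed for the example; branches newer than the three listed are simply reported as not covered by this advisory.

```python
"""Triage Spring Framework versions against the ranges in this advisory.
Added example; fixed versions are the ones listed under Affected Products."""
import re

# Fixed release per supported branch, as given in the advisory.
FIXED_BY_BRANCH = {(5, 3): (5, 3, 40), (6, 0): (6, 0, 24), (6, 1): (6, 1, 13)}
OLDEST_SUPPORTED_BRANCH = (5, 3)

# Matches '6.1.12' as well as older suffixed forms such as '5.3.39.RELEASE'.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")
# Matches constructed jar names such as 'spring-webmvc-6.1.12.jar'.
_JAR_RE = re.compile(r"-(\d+\.\d+\.\d+)(?:[.-][A-Za-z0-9]+)?\.jar$")


def parse_version(text):
    """Turn a version string into a (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def jar_version(filename):
    """Extract the version from a Spring jar file name, or None if absent."""
    m = _JAR_RE.search(filename)
    return m.group(1) if m else None


def is_affected(version_text):
    """True when the version lies in an affected range of this advisory."""
    major, minor, patch = parse_version(version_text)
    branch = (major, minor)
    if branch in FIXED_BY_BRANCH:
        return (major, minor, patch) < FIXED_BY_BRANCH[branch]
    # Everything older than 5.3.x is out of support and listed as affected.
    if branch < OLDEST_SUPPORTED_BRANCH:
        return True
    # Newer branches are not named in the advisory; not flagged by this check.
    return False


def triage(jar_names):
    """Map each jar name to True/False (affected) or None (no version found)."""
    result = {}
    for name in jar_names:
        version = jar_version(name)
        result[name] = is_affected(version) if version else None
    return result
```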
Mitigation Actions
In line with the vendor's statements, it is recommended to update vulnerable products by following the instructions in the security bulletin listed in the References section.
References
https://spring.io/security/cve-2024-38819
[1] This estimate takes into account several parameters, including: CVSS score, availability of patches/workarounds and of a PoC, and how widespread the affected software/devices are in the reference community.