CVE-2024-22243

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Feb 23, 2024

Updated: Jun 10, 2024

CWE ID 601

Summary

CVE-2024-22243 is a vulnerability affecting applications that utilize UriComponentsBuilder to parse externally provided URLs, such as through query parameters. This weakness exposes the applications to two potential threats: open redirect attacks and Server-Side Request Forgery (SSRF). In open redirect attacks, an attacker can manipulate the URL to redirect users to malicious websites. In SSRF attacks, the URL, once validated, is used to make unintended internal requests, potentially leading to unauthorized access to protected resources.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Vmware Spring Framework

Affected Vendors

VMware Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uEw35L
https://www.cve.org/CVERecord?id=CVE-2024-22243
https://nvd.nist.gov/vuln/detail/CVE-2024-22243

Back to Vulnerability Database