Smarts VSA 10.1.9 and spring-security-core-5.7.2 CVE-2022-31692

Article ID: 315829


Products

VMware Smart Assurance

Issue/Introduction

A CVE has been reported against spring-security-core-5.7.2 in Smarts SAM 10.1.9.

Tenable TEN-171061 is being marked as Critical (although I also see it marked as Medium). It is cross-referenced to CVE-2022-31692.

Files listed for Smarts in this report:
/SAM/smarts/classes/spring-security-core-5.7.2.jar
/SAM/smarts/sso/lib/spring-security-core-5.7.2.jar

Environment

VMware Smart Assurance - SMARTS

Resolution

Smarts is not vulnerable to CVE-2022-31692.
Upgrading to 10.1.12 after it is released in May 2023 will also upgrade the spring-core version to resolve this issue.

Exploring the Spring Security authorization bypass (CVE-2022-31692) | Snyk

The severity was reduced to 7.4, which is why it is not on our VMSA website.