cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-31679,https://securityvulnerability.io/vulnerability/CVE-2022-31679,HTTP PATCH Resource Exposure in Spring Data REST by VMware,"Certain versions of Spring Data REST from VMware are prone to a vulnerability that allows unauthorized access to hidden entity attributes. This arises when applications accept HTTP PATCH requests, permitting attackers who are familiar with the structured domain model to craft malicious requests. Such exploitation could lead to sensitive information disclosure, as attackers may manipulate requests to access and view data that should remain protected.",Vmware,Spring Data Rest,3.7,LOW,0.001019999966956675,false,,false,false,false,,,false,false,,2022-09-21T17:42:42.000Z,0
CVE-2021-22047,https://securityvulnerability.io/vulnerability/CVE-2021-22047,Unauthorized Access Vulnerability in Spring Data REST by VMware,"In versions 3.4.0 through 3.4.13 and 3.5.0 through 3.5.5 of Spring Data REST, an exposure exists where HTTP resources from custom controllers using specified API paths and mapped requests may be accessible without proper authorization. This depends on the setup of Spring Security and potentially leaves sensitive data unprotected if configurations are not strictly adhered to.",Vmware,Spring Data Rest,5.3,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2021-10-28T15:21:26.000Z,0