Rewterz Threat Advisory – CVE-2024-22243 – VMware Tanzu Spring Framework Vulnerability

Severity

High

Analysis Summary

CVE-2024-22243

VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability when using UriComponentsBuilder to parse an externally provided URL. An attacker could exploit this vulnerability using a specially crafted URL to redirect a victim to arbitrary Web sites.

Impact

• Code Execution

Indicators Of Compromise

CVE

• CVE-2024-22243

Affected Vendors

VMware

Affected Products

• VMware Tanzu Spring Framework 5.3.0
• VMware Tanzu Spring Framework 6.0.0
• VMware Tanzu Spring Framework 5.3.31
• VMware Tanzu Spring Framework 6.0.16
• VMware Tanzu Spring Framework 6.1.0
• VMware Tanzu Spring Framework 6.1.3

Remediation

Refer to VMware Security Advisory for patch, upgrade, or suggested workaround information.

VMware Security Advisory