CVE-2010-1622

medium
Published 2010-06-21 · Modified 2024-12-03
CVSS v3:
CVSS v2: 6.0
VIR risk: 6.0

Description

Improper Control of Generation of Code ('Code Injection') in Spring Framework

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://www.springsource.com/security/cve-2010-1622

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://geronimo.apache.org/22x-security-report.html

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://geronimo.apache.org/21x-security-report.html

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html

Package impact

Ecosystem    Package                      Vulnerable        Fixed
java Maven   org.springframework:spring   >=2.5.0,<2.5.7    2.5.7
java Maven   org.springframework:spring   >=3.0.0,<3.0.3    3.0.3

Application impact

Vendor        Product             Versions     Fixed
oracle        fusion_middleware   7.6.2
oracle        fusion_middleware   11.1.1.6.1
oracle        fusion_middleware   11.1.1.8.0
springsource  spring_framework    2.5.0
springsource  spring_framework    2.5.1
springsource  spring_framework    2.5.2
springsource  spring_framework    2.5.3
springsource  spring_framework    2.5.4
springsource  spring_framework    2.5.5
springsource  spring_framework    2.5.6
springsource  spring_framework    2.5.7
springsource  spring_framework    3.0.0
springsource  spring_framework    3.0.1
springsource  spring_framework    3.0.2

References

CWEs

CWE-94
