PT-2022-26937 · Spring+1 · Spring Framework+3

Published

2022-12-05

·

Updated

2022-12-21

·

CVE-2022-43484

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TERASOLUNA Global Framework version 1.0.0
TERASOLUNA Server Framework for Java (Rich) versions 2.0.0.2 through 2.0.5.1
Description

The issue is caused by improper input validation in the data-binding mechanism of Spring MVC, which can lead to arbitrary code execution with the privileges of the application when a specially crafted file is processed. The affected TERASOLUNA releases are vulnerable because they bundle an old version of the Spring Framework that contains this flaw.
Recommendations

For TERASOLUNA Global Framework version 1.0.0, update to TERASOLUNA Global Framework 1.0.1 or later, which uses Spring Framework 3.2.10.
For TERASOLUNA Server Framework for Java (Rich) versions 2.0.0.2 through 2.0.5.1, update to TERASOLUNA Server Framework for Java 5.7.1.SP1, which uses Spring Framework 5.3.18.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2022-43484
GHSA-Q5J9-F95W-F4PR

Affected Products

Spring Framework
Spring Mvc
Terasoluna Global Framework
Terasoluna Server Framework For Java