Vulnerability in Spring by VMware Tanzu Cloud Skipper

CVE-2024-22263

Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload pa…

EPSS: 0.777 (99.0th percentile)

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Frequently asked questions

What is CVE-2024-22263?
CVE-2024-22263 is a high-severity vulnerability in Spring by VMware Tanzu Cloud Skipper. CVSS score: 8.8/10. Published 2024-06-19.
How severe is CVE-2024-22263?
High severity. CVSS v3 base score is 8.8 out of 10.
Is CVE-2024-22263 known to be exploited?
9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.