CVE-2020-5410 is a directory traversal vulnerability affecting VMware Tanzu Spring Cloud Config Server. CISA added it to the Known Exploited Vulnerabilities catalog on 2022-03-25, which indicates confirmed exploitation in the wild and raises the urgency for remediation.
Known exploitedVMware TanzuCVE published 2022-03-25
CVE-2018-1273 affects VMware Tanzu Spring Data Commons and is listed by CISA as a Known Exploited Vulnerability. The supplied CISA record also marks it as associated with known ransomware campaign use, so any affected deployment should be treated as urgent remediation work.
