Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-22963

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

Published

2022-04-01T23:15:13.663

Last Modified

2025-03-13T16:36:53.717

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-94
Type: Primary
CWE-917

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	vmware	spring_cloud_function	≤ 3.1.6	Yes
Application	vmware	spring_cloud_function	≤ 3.2.2	Yes
Application	oracle	banking_branch	14.5	Yes
Application	oracle	banking_cash_management	14.5	Yes
Application	oracle	banking_corporate_lending_process_management	14.5	Yes
Application	oracle	banking_credit_facilities_process_management	14.5	Yes
Application	oracle	banking_electronic_data_exchange_for_corporates	14.5	Yes
Application	oracle	banking_liquidity_management	14.2	Yes
Application	oracle	banking_liquidity_management	14.5	Yes
Application	oracle	banking_origination	14.5	Yes
Application	oracle	banking_supply_chain_finance	14.5	Yes
Application	oracle	banking_trade_finance_process_management	14.5	Yes
Application	oracle	banking_virtual_account_management	14.5	Yes
Application	oracle	communications_cloud_native_core_automated_test_suite	1.9.0	Yes
Application	oracle	communications_cloud_native_core_automated_test_suite	22.1.0	Yes
Application	oracle	communications_cloud_native_core_console	1.9.0	Yes
Application	oracle	communications_cloud_native_core_console	22.1.0	Yes
Application	oracle	communications_cloud_native_core_network_exposure_function	22.1.0	Yes
Application	oracle	communications_cloud_native_core_network_function_cloud_native_environment	1.10.0	Yes
Application	oracle	communications_cloud_native_core_network_function_cloud_native_environment	22.1.0	Yes
Application	oracle	communications_cloud_native_core_network_function_cloud_native_environment	22.1.2	Yes
Application	oracle	communications_cloud_native_core_network_repository_function	1.15.0	Yes
Application	oracle	communications_cloud_native_core_network_repository_function	22.1.0	Yes
Application	oracle	communications_cloud_native_core_network_slice_selection_function	1.8.0	Yes
Application	oracle	communications_cloud_native_core_network_slice_selection_function	22.1.0	Yes
Application	oracle	communications_cloud_native_core_policy	1.15.0	Yes
Application	oracle	communications_cloud_native_core_policy	22.1.0	Yes
Application	oracle	communications_cloud_native_core_policy	22.1.3	Yes
Application	oracle	communications_cloud_native_core_security_edge_protection_proxy	1.7.0	Yes
Application	oracle	communications_cloud_native_core_security_edge_protection_proxy	22.1.0	Yes
Application	oracle	communications_cloud_native_core_unified_data_repository	1.15.0	Yes
Application	oracle	communications_cloud_native_core_unified_data_repository	22.1.0	Yes
Application	oracle	communications_communications_policy_management	12.6.0.0.0	Yes
Application	oracle	financial_services_analytical_applications_infrastructure	8.1.1.0	Yes
Application	oracle	financial_services_analytical_applications_infrastructure	8.1.2.0	Yes
Application	oracle	financial_services_behavior_detection_platform	8.1.1.0	Yes
Application	oracle	financial_services_behavior_detection_platform	8.1.1.1	Yes
Application	oracle	financial_services_behavior_detection_platform	8.1.2.0	Yes
Application	oracle	financial_services_enterprise_case_management	8.1.1.0	Yes
Application	oracle	financial_services_enterprise_case_management	8.1.1.1	Yes
Application	oracle	financial_services_enterprise_case_management	8.1.2.0	Yes
Application	oracle	mysql_enterprise_monitor	≤ 8.0.29	Yes
Application	oracle	product_lifecycle_analytics	3.6.1.0	Yes
Application	oracle	retail_xstore_point_of_service	20.0.1	Yes
Application	oracle	retail_xstore_point_of_service	21.0.0	Yes
Application	oracle	sd-wan_edge	9.0	Yes
Application	oracle	sd-wan_edge	9.1	Yes

References

http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html Exploit, Third Party Advisory, VDB Entry ([email protected])
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005 Third Party Advisory ([email protected])
https://tanzu.vmware.com/security/cve-2022-22963 Vendor Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpujul2022.html Patch, Third Party Advisory ([email protected])
http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://tanzu.vmware.com/security/cve-2022-22963 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujul2022.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)