9.8
CVE-2022-22965
- EPSS 94.44%
- Published 01.04.2022 23:15:13
- Last modified 10.04.2025 16:56:46
- Source security@vmware.com
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Data is provided by the National Vulnerability Database (NVD)
VMware ≫ Spring Framework Version < 5.2.20
VMware ≫ Spring Framework Version >= 5.3.0 < 5.3.18
Cisco ≫ Cx Cloud Agent Version < 2.1.0
Oracle ≫ Communications Cloud Native Core Automated Test Suite Version 1.9.0
Oracle ≫ Communications Cloud Native Core Automated Test Suite Version 22.1.0
Oracle ≫ Communications Cloud Native Core Console Version 1.9.0
Oracle ≫ Communications Cloud Native Core Console Version 22.1.0
Oracle ≫ Communications Cloud Native Core Network Exposure Function Version 22.1.0
Oracle ≫ Communications Cloud Native Core Network Repository Function Version 1.15.0
Oracle ≫ Communications Cloud Native Core Network Repository Function Version 22.1.0
Oracle ≫ Communications Cloud Native Core Policy Version 1.15.0
Oracle ≫ Communications Cloud Native Core Policy Version 22.1.0
Oracle ≫ Communications Cloud Native Core Unified Data Repository Version 1.15.0
Oracle ≫ Communications Cloud Native Core Unified Data Repository Version 22.1.0
Oracle ≫ Communications Policy Management Version 12.6.0.0.0
Oracle ≫ Financial Services Analytical Applications Infrastructure Version 8.1.1
Oracle ≫ Financial Services Analytical Applications Infrastructure Version 8.1.2.0
Oracle ≫ Financial Services Behavior Detection Platform Version 8.1.1.0
Oracle ≫ Financial Services Behavior Detection Platform Version 8.1.1.1
Oracle ≫ Financial Services Behavior Detection Platform Version 8.1.2.0
Oracle ≫ Financial Services Enterprise Case Management Version 8.1.1.0
Oracle ≫ Financial Services Enterprise Case Management Version 8.1.1.1
Oracle ≫ Financial Services Enterprise Case Management Version 8.1.2.0
Oracle ≫ Mysql Enterprise Monitor Version < 8.0.29
Oracle ≫ Product Lifecycle Analytics Version 3.6.1
Oracle ≫ Retail Xstore Point Of Service Version 20.0.1
Oracle ≫ Retail Xstore Point Of Service Version 21.0.0
Oracle ≫ Sd-wan Edge Version 9.0
Oracle ≫ Sd-wan Edge Version 9.1
Siemens ≫ Operation Scheduler Version < 2.0.4
Siemens ≫ Sipass Integrated Version 2.80
Siemens ≫ Sipass Integrated Version 2.85
Siemens ≫ Siveillance Identity Version 1.5
Siemens ≫ Siveillance Identity Version 1.6
Veritas ≫ Access Appliance Version 7.4.3
Veritas ≫ Access Appliance Version 7.4.3.100
Veritas ≫ Access Appliance Version 7.4.3.200
Veritas ≫ Flex Appliance Version 1.3
Veritas ≫ Flex Appliance Version 2.0
Veritas ≫ Flex Appliance Version 2.0.1
Veritas ≫ Flex Appliance Version 2.0.2
Veritas ≫ Flex Appliance Version 2.1
Veritas ≫ Netbackup Flex Scale Appliance Version 2.1
Veritas ≫ Netbackup Flex Scale Appliance Version 3.0
Veritas ≫ Netbackup Appliance Version 4.0
Veritas ≫ Netbackup Appliance Version 4.0.0.1 Update maintenance_release1
Veritas ≫ Netbackup Appliance Version 4.0.0.1 Update maintenance_release2
Veritas ≫ Netbackup Appliance Version 4.0.0.1 Update maintenance_release3
Veritas ≫ Netbackup Appliance Version 4.1
Veritas ≫ Netbackup Appliance Version 4.1.0.1 Update maintenance_release1
Veritas ≫ Netbackup Appliance Version 4.1.0.1 Update maintenance_release2
Veritas ≫ Netbackup Virtual Appliance Version 4.0
Veritas ≫ Netbackup Virtual Appliance Version 4.0.0.1 Update maintenance_release1
Veritas ≫ Netbackup Virtual Appliance Version 4.0.0.1 Update maintenance_release2
Veritas ≫ Netbackup Virtual Appliance Version 4.0.0.1 Update maintenance_release3
Veritas ≫ Netbackup Virtual Appliance Version 4.1
Veritas ≫ Netbackup Virtual Appliance Version 4.1.0.1 Update maintenance_release1
Veritas ≫ Netbackup Virtual Appliance Version 4.1.0.1 Update maintenance_release2
Siemens ≫ Simatic Speech Assistant For Machines Version < 1.2.1
Siemens ≫ Sinec Network Management System Version < 1.0.3
Oracle ≫ Commerce Platform Version 11.3.2
Oracle ≫ Communications Cloud Native Core Binding Support Function Version 22.1.3
Oracle ≫ Communications Unified Inventory Management Version 7.4.1
Oracle ≫ Communications Unified Inventory Management Version 7.4.2
Oracle ≫ Communications Unified Inventory Management Version 7.5.0
Oracle ≫ Retail Bulk Data Integration Version 16.0.3
Oracle ≫ Retail Customer Management And Segmentation Foundation Version 17.0
Oracle ≫ Retail Customer Management And Segmentation Foundation Version 18.0
Oracle ≫ Retail Customer Management And Segmentation Foundation Version 19.0
Oracle ≫ Retail Financial Integration Version 14.1.3.2
Oracle ≫ Retail Financial Integration Version 15.0.3.1
Oracle ≫ Retail Financial Integration Version 16.0.3
Oracle ≫ Retail Financial Integration Version 19.0.1
Oracle ≫ Retail Integration Bus Version 14.1.3.2
Oracle ≫ Retail Integration Bus Version 15.0.3.1
Oracle ≫ Retail Integration Bus Version 16.0.3
Oracle ≫ Retail Integration Bus Version 19.0.1
Oracle ≫ Retail Merchandising System Version 16.0.3
Oracle ≫ Retail Merchandising System Version 19.0.1
Oracle ≫ Weblogic Server Version 12.2.1.3.0
Oracle ≫ Weblogic Server Version 12.2.1.4.0
Oracle ≫ Weblogic Server Version 14.1.1.0.0
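A triage helper for this CVE, written as an added example for this page (it is not code from VMware/Spring, NVD or CISA). It encodes the two affected Spring Framework ranges listed above (< 5.2.20, and >= 5.3.0 < 5.3.18) and the exploit preconditions stated in the description (JDK 9+, WAR deployment on Tomcat), and separates "fully exploitable with the published exploit" from "affected version, patch anyway". The function names and the sample inventory are assumptions made for the example.

```python
"""Triage helper for CVE-2022-22965.

Added example; not code from VMware/Spring, NVD or CISA. Version ranges come
from the NVD configuration list on this page, exploit preconditions from the
CVE description. Function names and the sample inventory are assumptions.
"""
import re

# Affected Spring Framework ranges from the NVD configuration list.
# Each entry is (lower_inclusive, upper_exclusive); None means unbounded.
AFFECTED_SPRING_RANGES = (
    (None, (5, 2, 20)),        # Spring Framework < 5.2.20
    ((5, 3, 0), (5, 3, 18)),   # Spring Framework >= 5.3.0 < 5.3.18
)

# Preconditions of the published exploit, from the CVE description.
EXPLOIT_MIN_JDK = 9
EXPLOIT_PACKAGING = "war"
EXPLOIT_CONTAINER = "tomcat"


def parse_spring_version(text):
    """'5.3.17', '5.3.17.RELEASE' or '5.2.19.RELEASE' -> (5, 3, 17)-style tuple."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised Spring version: {text!r}")
    return tuple(int(x) for x in m.groups())


def jdk_major(version_string):
    """Normalise java -version strings: '1.8.0_292' -> 8, '17.0.2' -> 17."""
    parts = version_string.strip().split(".")
    if parts[0] == "1" and len(parts) > 1:   # legacy 1.x scheme used up to JDK 8
        return int(parts[1])
    return int(re.match(r"\d+", parts[0]).group(0))


def spring_version_affected(version):
    """True if the Spring Framework version falls inside an affected range."""
    v = parse_spring_version(version)
    return any((lo is None or v >= lo) and v < hi
               for lo, hi in AFFECTED_SPRING_RANGES)


def triage(spring_version, jdk_version, packaging, container):
    """Classify one deployment.

    'not-affected' : Spring Framework at or past the fixed version
    'patch'        : affected version, but the published exploit's
                     preconditions are not met; the description warns the
                     flaw is more general, so the update is still required
    'exploitable'  : affected version on JDK 9+, deployed as a WAR on Tomcat
    """
    if not spring_version_affected(spring_version):
        return "not-affected"
    if (jdk_major(jdk_version) >= EXPLOIT_MIN_JDK
            and packaging.lower() == EXPLOIT_PACKAGING
            and container.lower() == EXPLOIT_CONTAINER):
        return "exploitable"
    return "patch"


# Constructed sample inventory (host, spring, jdk, packaging, container);
# these are not real hosts.
SAMPLE_INVENTORY = [
    ("app-legacy-01",  "5.3.17",         "11.0.14",   "war", "tomcat"),
    ("app-boot-02",    "5.3.17",         "17.0.2",    "jar", "embedded-tomcat"),
    ("app-old-03",     "5.2.19.RELEASE", "1.8.0_292", "war", "tomcat"),
    ("app-patched-04", "5.3.18",         "17.0.2",    "war", "tomcat"),
]


def triage_inventory(inventory=SAMPLE_INVENTORY):
    """Return {host: verdict} for every inventory entry."""
    return {host: triage(spring, jdk, pkg, cont)
            for host, spring, jdk, pkg, cont in inventory}


if __name__ == "__main__":
    for host, verdict in triage_inventory().items():
        print(f"{host:16} {verdict}")
```

The "patch" verdict is deliberate: a Spring Boot executable jar or a JDK 8 host is outside the published exploit's preconditions, but it still carries an affected Spring Framework version, and the description explicitly says other exploitation paths may exist.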
04.04.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Vulnerability: Spring Framework JDK 9+ Remote Code Execution Vulnerability
Description: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
Required actions: Apply updates per vendor instructions.
Type | Source | Score | Percentile
---|---|---|---
EPSS | FIRST.org | 94.44% | 1
Source | Base Score | Exploit Score | Impact Score | Vector string
---|---|---|---|---
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.