When using routing functionality in VMware Tanzu’s Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

zdt 2

redhat 3

githubexploit 33

osv 2

packetstorm 2

wallarmlab 1

saint 2

ibm 4

github 1

prion 1

cve 1

spring 1

cisco 1

openvas 1

redhatcve 1

akamaiblog 1

veracode 1

attackerkb 2

cvelist 1

nvd 1

checkpoint_advisories 1

kitploit 2

nessus 3

metasploit 1

wizblog 1

nuclei 1

exploitdb 1

rapid7blog 4

paloalto 1

threatpost 1

qualysblog 2

fortinet 1

thn 2

f5 1

cert 1

cisa 1

securelist 1

avleonov 1

malwarebytes 1

impervablog 1

mmpc 1

mssecure 1

trellix 2

checkpoint_security 1

ics 1

oracle 2

zdt

Spring Cloud Function SpEL Injection Exploit

2022-03-31 00:00:00

Spring Cloud 3.2.2 - Remote Command Execution Exploit

2023-07-11 00:00:00

redhat

(RHSA-2022:1291) Low: Release of OpenShift Serverless Client kn 1.21.1

2022-04-11 07:34:16

(RHSA-2022:1292) Low: Release of OpenShift Serverless 1.21.1

2022-04-11 08:22:04

(RHSA-2022:4880) Moderate: ACS 3.70 enhancement and security update

2022-06-02 02:02:58

githubexploit

Exploit for Expression Language Injection in Vmware Spring Cloud Function

2023-01-15 21:39:20

Exploit for Code Injection in Vmware Spring Cloud Function

2022-03-31 14:29:24

Exploit for Expression Language Injection in Vmware Spring Cloud Function

2023-12-28 06:58:17

osv

CVE-2022-22963

2022-04-01 23:15:13

Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression

2022-04-03 00:00:59

packetstorm

Spring Cloud 3.2.2 Remote Command Execution

2023-07-12 00:00:00

Spring Cloud Function SpEL Injection

2022-03-31 00:00:00

wallarmlab

Update on 0-day vulnerabilities in Spring (Spring4Shell and CVE-2022-22963)

2022-03-31 01:49:02

saint

Spring Cloud Function Remote Code Execution

2022-04-05 00:00:00

Spring Cloud Function Remote Code Execution

2022-04-05 00:00:00

ibm

Security Bulletin: Sterling Order Management and Spring vulnerability CVE-2022-22963

2022-07-28 19:47:33

Security Bulletin: CMIS is affected since it uses Spring Framework, but not vulnerable to [CVE-2022-22965] and [CVE-2022-22963]

2022-10-18 15:36:16

Security Bulletin: IBM QRadar SIEM is affected by a remote code execution in Spring Framework (CVE-2022-22963, CVE-2022-22965, CVE-2022-22950)

2022-06-24 17:34:09

github

Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression

2022-04-03 00:00:59

prion

Remote code execution

2022-04-01 23:15:00

cve

CVE-2022-22963

2022-04-01 23:15:13

spring

CVE report published for Spring Cloud Function

2022-03-30 00:53:00

cisco

Vulnerability in Spring Cloud Function Framework Affecting Cisco Products: March 2022

2022-04-01 23:45:00

openvas

VMware Spring Cloud Function < 3.1.7, 3.2.x < 3.2.3 RCE Vulnerability - Active Check

2022-05-06 00:00:00

redhatcve

CVE-2022-22963

2022-03-31 18:32:29

akamaiblog

Spring Cloud Function SpEL Injection (CVE-2022-22963) Exploited in the Wild

2022-03-31 19:30:00

veracode

Remote Code Execution

2022-03-31 01:51:42

attackerkb

CVE-2022-22963

2022-04-01 00:00:00

CVE-2021-38406

2021-09-09 00:00:00

cvelist

CVE-2022-22963

2022-04-01 00:00:00

nvd

CVE-2022-22963

2022-04-01 23:15:13

checkpoint_advisories

Spring Cloud Function Remote Code Execution (CVE-2022-22963)

2022-03-31 00:00:00

kitploit

CVE-2022-22963 - PoC Spring Java Framework 0-day Remote Code Execution Vulnerability

2022-03-31 11:30:00

Spring4Shell-Scan - A Fully Automated, Reliable, And Accurate Scanner For Finding Spring4Shell And Spring Cloud RCE Vulnerabilities

2022-04-24 21:30:00

nessus

Spring Cloud Function SPEL Expression Injection (direct check)

2022-03-31 00:00:00

RHEL 8 : Release of OpenShift Serverless Client kn 1.21.1 (Low) (RHSA-2022:1291)

2024-04-28 00:00:00

VMware Spring Cloud Function < 3.1.7 / 3.2.x < 3.2.3 SPEL Expression Injection (local check)

2022-04-14 00:00:00

metasploit

Spring Cloud Function SpEL Injection

2022-03-30 22:38:41

wizblog

Addressing the Spring4Shell and CVE-2022-22963 RCE vulnerabilities in cloud environments

2022-04-01 05:00:39

nuclei

Spring Cloud - Remote Code Execution

2022-03-27 14:47:28

exploitdb

Spring Cloud 3.2.2 - Remote Command Execution (RCE)

2023-07-11 00:00:00

rapid7blog

Update on Spring4Shell’s Impact on Rapid7 Solutions and Systems

2022-04-01 14:42:42

Metasploit Weekly Wrap-Up

2022-04-01 18:34:29

What’s New in InsightVM and Nexpose: Q2 2022 in Review

2022-07-28 14:00:00

paloalto

Informational: Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2022-22965

2022-03-31 02:30:00

threatpost

RCE Bug in Spring Cloud Could Be the Next Log4Shell, Researchers Warn

2022-03-30 18:04:11

qualysblog

Spring Framework Zero-Day Remote Code Execution (Spring4Shell) Vulnerability

2022-03-31 09:00:00

Identify Server-Side Attacks Using Qualys Periscope

2022-12-01 23:11:35

fortinet

CVE-2022-22965 and CVE-2022-22963 vulnerabilities

2022-04-01 00:00:00

thn

Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security

2022-03-31 05:52:00

CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog

2022-08-29 04:23:00

K11510688 : Spring Framework (Spring4Shell) and Spring Cloud vulnerabilities CVE-2022-22965, CVE-2022-22950, and CVE-2022-22963

2022-03-31 00:00:00

cert

Spring Framework insecurely handles PropertyDescriptor objects with data binding

2022-03-31 00:00:00

cisa

Spring Releases Security Updates Addressing "Spring4Shell" and Spring Cloud Function Vulnerabilities

2022-04-01 00:00:00

securelist

Spring4Shell (CVE-2022-22965): details and mitigations

2022-04-04 15:30:36

avleonov

Spring4Shell, Spring Cloud Function RCE and Spring Cloud Gateway Code Injection

2022-04-03 00:15:45

malwarebytes

4 over-hyped security vulnerabilities of 2022

2022-12-19 01:00:00

impervablog

Imperva Protects from New Spring Framework Zero-Day Vulnerabilities

2022-03-31 15:20:03

mmpc

SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965

2022-04-05 01:11:24

mssecure

SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965

2022-04-05 01:11:24

trellix

The Bug Report – April 2022 Edition

2022-05-04 00:00:00

The Bug Report – April 2022 Edition

2022-05-04 00:00:00

checkpoint_security

Check Point Response to Spring Vulnerabilities CVE-2022-22963, CVE-2022-22946, CVE-2022-22947, CVE-2022-22965 (Spring4Shell) and CVE-2022-22950

2022-03-30 21:41:02

ics

2022 Top Routinely Exploited Vulnerabilities

2023-08-03 12:00:00

oracle

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

Oracle Critical Patch Update Advisory - April 2022

2022-04-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.975

Percentile

100.0%

JSON

Related for CISA-KEV-CVE-2022-22963