Lucene search
VmwareCVELIST:CVE-2022-22947HistoryMar 03, 2022 - 12:00 a.m.
CVE-2022-22947
2022-03-0300:00:00
CWE-94
vmware
www.cve.org
2
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
CNA Affected
[
{
"vendor": "n/a",
"product": "Spring Cloud Gateway",
"versions": [
{
"version": "Spring cloud gateway versions 3.1.x prior to 3.1.1+, 3.0.x prior to 3.0.7+ and all old and unsupported versions",
"status": "affected"
}
]
}
]References
packetstormsecurity.com/files/166219/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html
packetstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html
tanzu.vmware.com/security/cve-2022-22947
www.oracle.com/security-alerts/cpuapr2022.html
www.oracle.com/security-alerts/cpujul2022.html
Related
githubexploit
githubexploit
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
2022-11-15 09:11:14
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
2022-03-17 09:12:51
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
2022-04-15 15:41:36
veracode
veracode
Code Injection
2022-03-02 08:46:00
openvas
openvas
checkpoint_advisories
checkpoint_advisories
Spring Cloud Gateway Remote Code Execution (CVE-2022-22947)
2022-04-03 00:00:00
malwarebytes
malwarebytes
Sysrv botnet is out to mine Monero on your Windows and Linux servers
2022-05-18 12:55:00
zdt
zdt
Spring Cloud Gateway 3.1.0 Remote Code Execution Exploit
2022-10-17 00:00:00
Spring Cloud Gateway 3.1.0 - Remote Code Execution Exploit
2022-03-07 00:00:00
github
github
cve
cve
CVE-2022-22947
2022-03-03 22:15:08
attackerkb
attackerkb
CVE-2022-22947
2022-03-03 00:00:00
nessus
nessus
VMware Spring Cloud Gateway 3.0 < 3.0.7 / 3.1 < 3.1.1 Code Injection
2022-07-29 00:00:00
Spring Cloud Gateway Code Injection (CVE-2022-22947)
2023-05-26 00:00:00
cisa_kev
cisa_kev
VMware Spring Cloud Gateway Code Injection Vulnerability
2022-05-16 00:00:00
osv
osv
CVE-2022-22947
2022-03-03 22:15:08
nuclei
nuclei
Spring Cloud Gateway Code Injection
2022-03-02 08:45:10
nvd
nvd
CVE-2022-22947
2022-03-03 22:15:08
packetstorm
packetstorm
Spring Cloud Gateway 3.1.0 Remote Code Execution
2022-10-17 00:00:00
Spring Cloud Gateway 3.1.0 Remote Code Execution
2022-03-07 00:00:00
metasploit
metasploit
Spring Cloud Gateway Remote Code Execution
2022-10-06 19:48:36
prion
prion
Code injection
2022-03-03 22:15:00
thn
thn
New Sysrv Botnet Variant Hijacking Windows and Linux with Crypto Miners
2022-05-17 09:37:00
Watch Out! Hackers Begin Exploiting Recent Zyxel Firewalls RCE Vulnerability
2022-05-17 03:17:00
threatpost
threatpost
Sysrv-K Botnet Targets Windows, Linux
2022-05-17 13:53:19
EnemyBot Malware Targets Web Servers, CMS Tools and Android OS
2022-05-31 12:24:44
cnvd
cnvd
Spring Cloud Gateway Remote Code Execution Vulnerability
2022-03-03 00:00:00
exploitdb
exploitdb
Spring Cloud Gateway 3.1.0 - Remote Code Execution (RCE)
2022-03-07 00:00:00
rapid7blog
rapid7blog
Metasploit Wrap-Up
2022-10-14 17:03:46
2022 Annual Metasploit Wrap-Up
2022-12-30 15:00:00
avleonov
avleonov
mssecure
mssecure
mmpc
mmpc
checkpoint_security
checkpoint_security
securelist
securelist
IT threat evolution in Q1 2022. Non-mobile statistics
2022-05-27 08:00:05
oracle
oracle
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00