CVE-2022-22963 - Vulnerability Details

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is in the KEV database since Aug. 25, 2022.

Exploitation active

Automatable yes

Technical Impact total

Vendors	Products
Oracle	Banking Branch Banking Cash Management Banking Corporate Lending Process Management Banking Credit Facilities Process Management Banking Electronic Data Exchange For Corporates Banking Liquidity Management Banking Origination Banking Supply Chain Finance Banking Trade Finance Process Management Banking Virtual Account Management Communications Cloud Native Core Automated Test Suite Communications Cloud Native Core Console Communications Cloud Native Core Network Exposure Function Communications Cloud Native Core Network Function Cloud Native Environment Communications Cloud Native Core Network Repository Function Communications Cloud Native Core Network Slice Selection Function Communications Cloud Native Core Policy Communications Cloud Native Core Security Edge Protection Proxy Communications Cloud Native Core Unified Data Repository Communications Communications Policy Management Financial Services Analytical Applications Infrastructure Financial Services Behavior Detection Platform Financial Services Enterprise Case Management Mysql Enterprise Monitor Product Lifecycle Analytics Retail Xstore Point Of Service Sd-wan Edge
Redhat	Serverless
Vmware	Spring Cloud Function

Configuration 1 [-]

OR	cpe:2.3:a:vmware:spring_cloud_function::::::::
	cpe:2.3:a:vmware:spring_cloud_function::::::::

Configuration 2 [-]

OR	cpe:2.3:a:oracle:banking_branch:14.5:::::::*
	cpe:2.3:a:oracle:banking_cash_management:14.5:::::::*
	cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:::::::*
	cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:::::::*
	cpe:2.3:a:oracle:banking_electronic_data_exchange_for_corporates:14.5:::::::*
	cpe:2.3:a:oracle:banking_liquidity_management:14.2:::::::*
	cpe:2.3:a:oracle:banking_liquidity_management:14.5:::::::*
	cpe:2.3:a:oracle:banking_origination:14.5:::::::*
	cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:::::::*
	cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5:::::::*
	cpe:2.3:a:oracle:banking_virtual_account_management:14.5:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.2:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.3:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:::::::*
	cpe:2.3:a:oracle:communications_communications_policy_management:12.6.0.0.0:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:::::::*
	cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:::::::*
	cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:::::::*
	cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:::::::*
	cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:::::::*
	cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::
	cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1.0:::::::*
	cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:::::::*
	cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.0:::::::*
	cpe:2.3:a:oracle:sd-wan_edge:9.0:::::::*
	cpe:2.3:a:oracle:sd-wan_edge:9.1:::::::*

Package	CPE	Advisory	Released Date
Openshift Serveless 1.21
openshift-serverless-1/client-kn-rhel8:1.0.1-3	cpe:/a:redhat:serverless:1.21::el8	RHSA-2022:1292	2022-04-11T00:00:00Z
openshift-serverless-1/kn-cli-artifacts-rhel8:1.0.1-3	cpe:/a:redhat:serverless:1.21::el8	RHSA-2022:1292	2022-04-11T00:00:00Z
Openshift Serverless 1 on RHEL 8
openshift-serverless-clients-0:1.0.1-2.el8	cpe:/a:redhat:serverless:1.0::el8	RHSA-2022:1291	2022-04-11T00:00:00Z

References

Link	Providers
http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html
https://nvd.nist.gov/vuln/detail/CVE-2022-22963
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005
https://tanzu.vmware.com/security/cve-2022-22963
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cve.org/CVERecord?id=CVE-2022-22963
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujul2022.html

History

Wed, 29 Jan 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-08-25'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 14 Aug 2024 01:00:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2022-04-01T00:00:00.000Z

Updated: 2025-01-29T17:53:21.759Z

Reserved: 2022-01-10T00:00:00.000Z

Link: CVE-2022-22963

Vulnrichment

Updated: 2024-08-03T03:28:42.845Z

NVD

Status : Analyzed

Published: 2022-04-01T23:15:13.663

Modified: 2025-03-13T16:36:53.717

Link: CVE-2022-22963

Redhat

Severity : Critical

Publid Date: 2022-03-29T00:00:00Z

Links: CVE-2022-22963 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-22963", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "dateUpdated": "2025-01-29T17:53:21.759Z", "dateReserved": "2022-01-10T00:00:00.000Z", "datePublished": "2022-04-01T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2023-07-13T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources."}], "affected": [{"vendor": "n/a", "product": "Spring Cloud Function", "versions": [{"version": "Spring Cloud Function versions 3.1.6, 3.2.2 and all old and unsupported versions", "status": "affected"}]}], "references": [{"url": "https://tanzu.vmware.com/security/cve-2022-22963"}, {"name": "20220401 Vulnerability in Spring Cloud Function Framework Affecting Cisco Products: March 2022", "tags": ["vendor-advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"url": "http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "cweId": "CWE-94"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:28:42.845Z"}, "title": "CVE Program Container", "references": [{"url": "https://tanzu.vmware.com/security/cve-2022-22963", "tags": ["x_transferred"]}, {"name": "20220401 Vulnerability in Spring Cloud Function Framework Affecting Cisco Products: March 2022", "tags": ["vendor-advisory", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "tags": ["x_transferred"]}, {"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html", "tags": ["x_transferred"]}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-29T17:53:06.523275Z", "id": "CVE-2022-22963", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-08-25", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-22963"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-29T17:53:21.759Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://tanzu.vmware.com/security/cve-2022-22963", "tags": ["x_transferred"]}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH", "name": "20220401 Vulnerability in Spring Cloud Function Framework Affecting Cisco Products: March 2022", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "tags": ["x_transferred"]}, {"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:28:42.845Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-22963", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-29T17:53:06.523275Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-08-25", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-22963"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-29T17:53:16.295Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "Spring Cloud Function", "versions": [{"status": "affected", "version": "Spring Cloud Function versions 3.1.6, 3.2.2 and all old and unsupported versions"}]}], "references": [{"url": "https://tanzu.vmware.com/security/cve-2022-22963"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH", "name": "20220401 Vulnerability in Spring Cloud Function Framework Affecting Cisco Products: March 2022", "tags": ["vendor-advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"url": "http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html"}], "descriptions": [{"lang": "en", "value": "In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2023-07-13T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-22963", "state": "PUBLISHED", "dateUpdated": "2025-01-29T17:53:21.759Z", "dateReserved": "2022-01-10T00:00:00.000Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2022-04-01T00:00:00.000Z", "assignerShortName": "vmware"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-09-15", "cisaExploitAdd": "2022-08-25", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:spring_cloud_function:*:*:*:*:*:*:*:*", "matchCriteriaId": "905988BB-71EE-49CE-A73C-FBD4488299D2", "versionEndIncluding": "3.1.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:spring_cloud_function:*:*:*:*:*:*:*:*", "matchCriteriaId": "43C88657-BCAC-40EB-83EB-2FF70F9173A0", "versionEndIncluding": "3.2.2", "versionStartIncluding": "3.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:banking_branch:14.5:*:*:*:*:*:*:*", "matchCriteriaId": "BAE9DFCA-E0C2-420D-86D7-5593F12EE945", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_cash_management:14.5:*:*:*:*:*:*:*", "matchCriteriaId": "626C6209-8BC3-4954-BF0C-51500582457E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*", "matchCriteriaId": "6EE231C5-8BF0-48F4-81EF-7186814664CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*", "matchCriteriaId": "2AA5FF83-B693-4DAB-B585-0FD641266231", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_electronic_data_exchange_for_corporates:14.5:*:*:*:*:*:*:*", "matchCriteriaId": "A6B6968A-9EB3-46B6-9BD4-735EFED3F869", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_liquidity_management:14.2:*:*:*:*:*:*:*", "matchCriteriaId": "B7FC2BF9-B6D7-420E-9CF5-21AB770B9CC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_liquidity_management:14.5:*:*:*:*:*:*:*", "matchCriteriaId": "9D5A1417-2C59-431F-BF5C-A2BCFEBC95FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_origination:14.5:*:*:*:*:*:*:*", "matchCriteriaId": "1D6889DD-D320-470C-BA94-165AC79A3AD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*", "matchCriteriaId": "45AB3A29-0994-46F4-8093-B4A9CE0BD95F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5:*:*:*:*:*:*:*", "matchCriteriaId": "AA4A9041-B9BC-451C-B1BD-4E2FD795BF27", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5:*:*:*:*:*:*:*", "matchCriteriaId": "E2696CD1-9514-405D-A3B3-8308EC1FA571", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "A4CA84D6-F312-4C29-A02B-050FCB7A902B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2DF6C109-E3D3-431C-8101-2FF88763CF5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B5BB2213-08E7-497F-B672-556FD682D122", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E24426EE-6A3F-413E-A70A-FB98CCD007A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C2A5B24D-BDF2-423C-98EA-A40778C01A05", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "04E6C8E9-2024-496C-9BFD-4548A5B44E2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "1E3221BB-E48E-4B28-B84F-C888EE802A17", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "6F60E32F-0CA0-4C2D-9848-CB92765A9ACB", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B61A7946-F554-44A9-9E41-86114E4B4914", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "3AA09838-BF13-46AC-BB97-A69F48B73A8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D6577F14-36B6-46A5-A1B1-FCCADA61A23B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "B4367D9B-BF81-47AD-A840-AC46317C774D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0425918A-03F1-4541-BDEF-55B03E07E115", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "4B0C905A-EA99-4B4E-A350-7F6A63CD6EB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D235B299-9A0E-44FF-84F1-2FFBC070A21D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "C6EAA723-2A23-4151-930B-86ACF9CC1C0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C2E50B0-64B6-4696-9213-F5D9016058A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "570DB369-A31B-4108-A7FD-09F674129603", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CC69CF0-6269-40F5-871B-16CFD5EC4C45", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "172BECE8-9626-4910-AAA1-A2FA9C7139E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A4B3A10E-70A8-4332-8567-06AE2C45D3C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "059F0D4E-B007-4986-AB95-89F11147CB2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6CAC78AD-86BB-4F06-B8CF-8E1329987F2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "44563108-AD89-49A0-9FA5-7DE5A5601D2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCA5DC3F-E7D8-45E3-8114-2213EC631CDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "078AEFC0-96DA-4F50-BE8E-8360718103A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747", "versionEndIncluding": "8.0.29", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0531C009-B395-4E94-A5F0-A89A152E706B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A69FB468-EAF3-4E67-95E7-DF92C281C1F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8AB16F34-D561-498F-A8C3-A24A47BCEBC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "77E39D5C-5EFA-4FEB-909E-0A92004F2563", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "06816711-7C49-47B9-A9D7-FB18CC3F42F2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources."}, {"lang": "es", "value": "En Spring Cloud Function versiones 3.1.6, 3.2.2 y versiones anteriores no soportadas, cuando es usada la funcionalidad routing es posible que un usuario proporcione un SpEL especialmente dise\u00f1ado como expresi\u00f3n de enrutamiento que puede resultar en la ejecuci\u00f3n de c\u00f3digo remota y el acceso a recursos locales"}], "id": "CVE-2022-22963", "lastModified": "2025-03-13T16:36:53.717", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-04-01T23:15:13.663", "references": [{"source": "security@vmware.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html"}, {"source": "security@vmware.com", "tags": ["Third Party Advisory"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"}, {"source": "security@vmware.com", "tags": ["Vendor Advisory"], "url": "https://tanzu.vmware.com/security/cve-2022-22963"}, {"source": "security@vmware.com", "tags": ["Third Party Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH"}, {"source": "security@vmware.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "security@vmware.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tanzu.vmware.com/security/cve-2022-22963"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security@vmware.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-917"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:1292", "cpe": "cpe:/a:redhat:serverless:1.21::el8", "package": "openshift-serverless-1/client-kn-rhel8:1.0.1-3", "product_name": "Openshift Serveless 1.21", "release_date": "2022-04-11T00:00:00Z"}, {"advisory": "RHSA-2022:1292", "cpe": "cpe:/a:redhat:serverless:1.21::el8", "package": "openshift-serverless-1/kn-cli-artifacts-rhel8:1.0.1-3", "product_name": "Openshift Serveless 1.21", "release_date": "2022-04-11T00:00:00Z"}, {"advisory": "RHSA-2022:1291", "cpe": "cpe:/a:redhat:serverless:1.0::el8", "package": "openshift-serverless-clients-0:1.0.1-2.el8", "product_name": "Openshift Serverless 1 on RHEL 8", "release_date": "2022-04-11T00:00:00Z"}], "bugzilla": {"description": "spring-cloud-function: Remote code execution by malicious Spring Expression", "id": "2070668", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070668"}, "csaw": true, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-94", "details": ["In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.", "A flaw was found in Spring Cloud Function via the spring.cloud.function.routing-expression header that is modified by the attacker to contain malicious expression language code. The attacker is able to call functions that should not normally be accessible, including runtime exec calls."], "mitigation": {"lang": "en:us", "value": "Affected customers should update immediately as soon as patched software is available. There are no other mitigations available at this time."}, "name": "CVE-2022-22963", "package_state": [{"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "impact": "low", "package_name": "spring-cloud-function", "product_name": "OpenShift Serverless"}], "public_date": "2022-03-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-22963\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22963\nhttps://tanzu.vmware.com/security/cve-2022-22963\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "threat_severity": "Critical"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation active

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object