CVE-2022-22947

Published Mar 3, 2022

Last updated a year ago

Exploit known

Overview

Description: In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
Source: security@vmware.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 10
Impact score: 6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Known exploits

Data from CISA

Vulnerability name: VMware Spring Cloud Gateway Code Injection Vulnerability
Exploit added on: May 16, 2022
Exploit action due: Jun 6, 2022
Required action: Apply updates per vendor instructions.

Weaknesses

nvd@nist.gov: CWE-917
security@vmware.com: CWE-94

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:spring_cloud_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED6E19AB-5568-4296-99CD-DC54EC30E518",
            "versionEndExcluding": "3.0.7"
          },
          {
            "criteria": "cpe:2.3:a:vmware:spring_cloud_gateway:3.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71D24F3E-9DA8-491B-841F-BDF95B8000B0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A3622F5-5976-4BBC-A147-FC8A6431EA79"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10323322-F6C0-4EA7-9344-736F7A80AA5F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6EDB6772-7FDB-45FF-8D72-952902A7EE56"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C2BC68D-C8B2-4C8B-9426-21F00CBDD873"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E24426EE-6A3F-413E-A70A-FB98CCD007A1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2A5B24D-BDF2-423C-98EA-A40778C01A05"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F60E32F-0CA0-4C2D-9848-CB92765A9ACB"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF616620-88CE-4A77-B904-C1728A2E6F9B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A264E0DE-209D-49B1-8B26-51AB8BBC97F1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBB5FF32-7362-4A1E-AD24-EF6B8770FCAD"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3AA09838-BF13-46AC-BB97-A69F48B73A8A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6577F14-36B6-46A5-A1B1-FCCADA61A23B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B40FAF9-0A6B-41C4-8CAD-D3D1DD982C2C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "175B97A7-0B00-4378-AD9F-C01B6D9FD570"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

CVSS 2.0

Known exploits

Weaknesses

Configurations

References