CVE-2022-22947
Published 2022-03-03
Priority: P1 · 100 · critical · 10 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Tags: KEV · ITW · EXPLOIT · Initial access
CISA Known Exploited Vulnerability, due 2022-06-06
Exploited in the wild
EPSS: 98.25% (99.9th percentile)
In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | commerce_guided_search | — | — |
| oracle | communications_cloud_native_core_binding_support_function | — | — |
| oracle | communications_cloud_native_core_binding_support_function | — | — |
| oracle | communications_cloud_native_core_console | — | — |
| oracle | communications_cloud_native_core_network_exposure_function | — | — |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | — | — |
| oracle | communications_cloud_native_core_network_repository_function | — | — |
| oracle | communications_cloud_native_core_network_repository_function | — | — |
| oracle | communications_cloud_native_core_network_repository_function | — | — |
| oracle | communications_cloud_native_core_network_repository_function | — | — |
| oracle | communications_cloud_native_core_network_slice_selection_function | — | — |
| oracle | communications_cloud_native_core_network_slice_selection_function | — | — |
| oracle | communications_cloud_native_core_security_edge_protection_proxy | — | — |
| oracle | communications_cloud_native_core_service_communication_proxy | — | — |
| vmware | spring_cloud_gateway | < 3.0.7 | 3.0.7 |
| vmware | spring_cloud_gateway | — | — |
| vmware | spring_cloud_gateway | — | — |
Detection & IOCs
- Detect unauthenticated HTTP GET requests to /actuator/gateway/routes or /gateway/routes — a 200 response with JSON fields 'predicate' or 'route_id' confirms the vulnerable endpoint is exposed.
- Alert on HTTP POST requests to /gateway/routes/<any_route_name> from unauthenticated sources — this is the route-creation step used to inject malicious SpEL expressions for RCE.
- Monitor for outbound HTTP requests from the Spring Cloud Gateway process to 169.254.169.254 (AWS IMDS), which indicates SSRF abuse via a crafted malicious route.
- Detect SpEL (Spring Expression Language) injection patterns in POST body payloads to /gateway/routes/* endpoints — exploitation uses SpEL expressions to achieve RCE.
- Scope detection to Spring Cloud Gateway versions 3.1.0, 3.0.0–3.0.6, and older unsupported versions — these are the confirmed vulnerable versions.
- The Gateway Actuator endpoint is NOT exposed by default — exploitation requires an explicit misconfiguration enabling unauthenticated public access.
- The SSRF abuse path to AWS IMDS only succeeds if IMDSv1 is enabled on the host; IMDSv2 (the AWS default for new instances) blocks this attack vector.
- 28% of cloud environments using Spring Cloud Gateway were observed running vulnerable versions (3.1.0, 3.0.0–3.0.6), indicating broad real-world exposure.
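The detection points above, applied to request records, as an added example that is not part of the original page or of any vendor rule set. The `Req` record shape, the per-source correlation of the refresh call, and the sample entries (documentation IP ranges, placeholder body) are assumptions constructed for illustration; the body check mirrors the `"filters":` then `"#{` within 115 bytes match of the Suricata rules listed further down this page.

```python
import re
from collections import namedtuple

# Assumed record shape: one entry per HTTP request seen at the gateway or proxy.
Req = namedtuple("Req", "src method path status body authed")

ROUTES = re.compile(r"^(?:/actuator)?/gateway/routes/?$")
ROUTE_ID = re.compile(r"^(?:/actuator)?/gateway/routes/[^/]+$")
REFRESH = re.compile(r"^(?:/actuator)?/gateway/refresh/?$")


def spel_in_filters(body, window=115):
    """True if '"filters":' is followed by '"#{' within `window` bytes."""
    m = re.search(r'"filters":', body, re.IGNORECASE)
    return bool(m) and '"#{' in body[m.end():m.end() + window]


def is_vulnerable_version(version):
    """Scope per the list above: 3.1.0, 3.0.0-3.0.6 and older (plain x.y.z)."""
    v = tuple(int(p) for p in version.split(".")[:3])
    return v < (3, 0, 7) or v == (3, 1, 0)


def classify(requests):
    """Return (source, finding) pairs for unauthenticated actuator traffic."""
    armed, findings = set(), []  # armed: sources that posted a SpEL-bearing route
    for r in requests:
        if r.authed:
            continue  # the detections above target unauthenticated sources
        path = r.path.split("?", 1)[0]
        if r.method == "GET" and ROUTES.match(path) and r.status == 200:
            findings.append((r.src, "routes-endpoint-exposed"))
        elif r.method == "POST" and ROUTE_ID.match(path):
            if spel_in_filters(r.body):
                armed.add(r.src)
                findings.append((r.src, "route-create-with-spel"))
            else:
                findings.append((r.src, "route-create"))
        elif r.method == "POST" and REFRESH.match(path) and r.src in armed:
            findings.append((r.src, "refresh-after-spel-route"))
    return findings


# Constructed sample records; the body uses placeholders, not a real expression.
FLAGGED_BODY = '{"id":"r1","filters":[{"name":"<filter>","args":{"value":"#{<expr>}"}}]}'
PLAIN_BODY = '{"id":"r2","filters":[],"uri":"http://example.invalid"}'
SAMPLE = [
    Req("198.51.100.7", "GET", "/actuator/gateway/routes", 200, "", False),
    Req("198.51.100.7", "POST", "/actuator/gateway/routes/r1", 201, FLAGGED_BODY, False),
    Req("198.51.100.7", "POST", "/actuator/gateway/refresh", 200, "", False),
    Req("203.0.113.9", "POST", "/actuator/gateway/refresh", 200, "", False),
    Req("203.0.113.9", "POST", "/gateway/routes/r2", 201, PLAIN_BODY, False),
    Req("192.0.2.5", "POST", "/actuator/gateway/routes/ops", 201, PLAIN_BODY, True),
]

if __name__ == "__main__":
    for src, finding in classify(SAMPLE):
        print(src, finding)
```

A refresh with no preceding flagged route creation from the same source is not reported, which keeps routine operator refreshes out of the alert stream.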
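CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vulncheck | — | 10.0 | CRITICAL | — |
| cisa | — | 10.0 | CRITICAL | — |
| vendor_oracle | — | 10.0 | CRITICAL | — |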
Oracle
Oracle Oracle Communications Risk Matrix: BSF (Spring Cloud Gateway) — CVE-2022-22947
vendor_oracle·2022-07-15·CVSS 10.0
CVE-2022-22947 [CRITICAL] Oracle Oracle Communications Risk Matrix: BSF (Spring Cloud Gateway) — CVE-2022-22947
Oracle Oracle Communications Risk Matrix: BSF (Spring Cloud Gateway) vulnerability
CVE: CVE-2022-22947
CVSS: 10.0
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujul2022 (JUL 2022)
CISA
VMware Spring Cloud Gateway Code Injection Vulnerability
cisa·2022-05-16·CVSS 10.0
CVE-2022-22947 [CRITICAL] CWE-94 VMware Spring Cloud Gateway Code Injection Vulnerability
Vulnerability: VMware Spring Cloud Gateway Code Injection Vulnerability
Affected: VMware Spring Cloud Gateway
Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2022-22947
Remediation Due Date: 2022-06-06
Oracle
Oracle Oracle Communications Risk Matrix: NEF (Spring Cloud Gateway) — CVE-2022-22947
vendor_oracle·2022-04-15·CVSS 10.0
CVE-2022-22947 [CRITICAL] Oracle Oracle Communications Risk Matrix: NEF (Spring Cloud Gateway) — CVE-2022-22947
Oracle Oracle Communications Risk Matrix: NEF (Spring Cloud Gateway) vulnerability
CVE: CVE-2022-22947
CVSS: 10.0
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2022 (APR 2022)
GHSA
Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured
ghsa·2022-03-04
CVE-2022-22947 [CRITICAL] CWE-917 Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured
In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed, and unsecured. A remote attacker could make a maliciously crafted request resulting in arbitrary remote execution on the remote host.
OSV
Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured
osv·2022-03-04
CVE-2022-22947 [CRITICAL] Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured
In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed, and unsecured. A remote attacker could make a maliciously crafted request resulting in arbitrary remote execution on the remote host.
VulnCheck
VMware Spring Cloud Gateway Code Injection Vulnerability
vulncheck·2022·CVSS 10.0
CVE-2022-22947 [CRITICAL] CWE-94 VMware Spring Cloud Gateway Code Injection Vulnerability
Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.
Affected: VMware Spring Cloud Gateway
Required Action: Apply updates per vendor instructions.
Exploitation References: https://www.botconf.eu/wp-content/uploads/2022/05/Botconf2022-24-PalotayZsigovits.pdf; https://www.bleepingcomputer.com/news/security/microsoft-sysrv-botnet-targets-windows-linux-servers-with-new-exploits/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.malwarebytes.com/blog/news/2022/05/sysrv-botnet-is-out-to-mine-monero-on-your-windows-and-linux-servers; https://cybersecurity.att.com/blogs/labs-research/rapidly-evolvin
Suricata
ET EXPLOIT VMware Spring Cloud Gateway Code Injection (CVE-2022-22947) (set)
suricata·2022-03-02·CVSS 10.0
CVE-2022-22947 [CRITICAL] ET EXPLOIT VMware Spring Cloud Gateway Code Injection (CVE-2022-22947) (set)
Rule: alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT VMware Spring Cloud Gateway Code Injection (CVE-2022-22947) (set)"; flow:established,to_server; flowbits:set,ET.vmware.2022.22947; http.request_line; content:"POST /actuator/gateway/routes/"; startswith; fast_pattern; http.request_body; content:"|22|filters|22 3a|"; nocase; content:"|22 23 7b|"; within:115; reference:cve,2022-22947; classtype:attempted-admin; sid:2035380; rev:2; metadata:attack_target Server, created_at 2022_03_02, cve CVE_2022_22947, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Exploit, tag CISA_KEV, updated_at 2022_03_02, mitre_tactic_id TA0001, mitre_tactic_name Initial_Acces
Suricata
ET EXPLOIT VMware Spring Cloud Gateway Code Injection (CVE-2022-22947)
suricata·2022-03-02·CVSS 10.0
CVE-2022-22947 [CRITICAL] ET EXPLOIT VMware Spring Cloud Gateway Code Injection (CVE-2022-22947)
Rule: alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT VMware Spring Cloud Gateway Code Injection (CVE-2022-22947)"; flow:established,to_server; flowbits:isset,ET.vmware.2022.22947; http.request_line; content:"POST /actuator/gateway/refresh"; startswith; fast_pattern; http.request_body; content:"|22|filters|22 3a|"; nocase; content:"|22 23 7b|"; within:115; reference:cve,2022-22947; classtype:attempted-admin; sid:2035381; rev:2; metadata:attack_target Server, created_at 2022_03_02, cve CVE_2022_22947, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Exploit, tag CISA_KEV, updated_at 2022_03_02, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_t
Exploit-DB
Spring Cloud Gateway 3.1.0 - Remote Code Execution (RCE)
exploitdb·2022-03-07·CVSS 10.0
CVE-2022-22947 [CRITICAL] Spring Cloud Gateway 3.1.0 - Remote Code Execution (RCE)
---
# Exploit Title: Spring Cloud Gateway 3.1.0 - Remote Code Execution (RCE)
# Google Dork: N/A
# Date: 03/03/2022
# Exploit Author: Carlos E. Vieira
# Vendor Homepage: https://spring.io/
# Software Link: https://spring.io/projects/spring-cloud-gateway
# Version: This vulnerability affect Spring Cloud Gateway #
# #
# Example: #
# python3 exploit.py http://localhost:8080 'id' #
# #
###################################################
""")
def main():
    banner()
    if len(sys.argv) != 3:
        print("[-] Error: Invalid arguments")
        print("[-] Usage: python3 exploit.py ")
        exit(1)
    else:
        url = sys.argv[1]
        command = sys.argv[2]
        print(exploit(url, command))
if __name__ == '__main__':
    main()
Metasploit
Spring Cloud Gateway Remote Code Execution
metasploit
This module exploits an unauthenticated remote code execution vulnerability in Spring Cloud Gateway versions = 3.1.0 and 3.0.0 to 3.0.6. The vulnerability can be exploited when the Gateway Actuator endpoint is enabled, exposed and unsecured. An unauthenticated attacker can use SpEL expressions to execute code and take control of the victim machine.
Nuclei
Spring Cloud Gateway Code Injection
nuclei·CVSS 10.0
CVE-2022-22947 [CRITICAL] Spring Cloud Gateway Code Injection
Applications using Spring Cloud Gateway prior to 3.1.1+ and 3.0.7+ are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
Template:
id: CVE-2022-22947
info:
  name: Spring Cloud Gateway Code Injection
  author: pdteam
  severity: critical
  description: Applications using Spring Cloud Gateway prior to 3.1.1+ and 3.0.7+ are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
  impact: |
    Successful exploitatio
Qualys
Inside the Surge of PHP and IoT Exploits with Qualys TRU | Qualys
blogs_qualys·2025-10-30·CVSS 10.0
CVE-2022-22947 [CRITICAL] Inside the Surge of PHP and IoT Exploits with Qualys TRU | Qualys
#### Table of Contents
- PHP Servers Are the Top Target for Vulnerabilities and Misconfigurations
- PHP Exploitation Trends and Noteworthy CVEs
- The Dangers of Exposed Secrets and Credentials
- IOT Devices Remain a Weak Link in Security
- MVPower DVR Shell Unauthenticated Command Execution
- Cloud Vulnerabilities: CVE-2022-22947
- Threat Actors Exploit Cloud Resources for Reconnaissance
- 5 Best Practices to Reduce Exploitation Risk
- Building Resilience with Integrated Security
Attack automation is accelerating, widening the window between detection and response. Qualys TRU telemetry reveals how these attacks unfold and what defenders can do next.
The Qualys Threat Research Unit (TRU) has identified a sharp increase in attacks targeting PHP servers, IoT devices, and cloud gateways, pr
Qualys
What Security Teams Need to Know as PHP and IoT Exploits Surge
blogs_qualys·2025-10-30·CVSS 10.0
CVE-2022-22947 [CRITICAL] What Security Teams Need to Know as PHP and IoT Exploits Surge
## Table of Contents
PHP Servers Are the Top Target for Vulnerabilities and Misconfigurations
PHP Exploitation Trends and Noteworthy CVEs
The Dangers of Exposed Secrets and Credentials
IOT Devices Remain a Weak Link in Security
MVPower DVR Shell Unauthenticated Command Execution
Cloud Vulnerabilities: CVE-2022-22947
Threat Actors Exploit Cloud Resources for Reconnaissance
5 Best Practices to Reduce Exploitation Risk
Building Resilience with Integrated Security
Attack automation is accelerating, widening the window between detection and response. Qualys TRU telemetry reveals how these attacks unfold and what defenders can do next.
The Qualys Threat Research Unit (TRU) has identified a sharp increase in attacks targeting PHP servers, IoT devices, and cloud gateways, primarily driv
Wiz
Exploring Spring Boot Actuator Misconfigurations | Wiz Blog
blogs_wiz·2024-12-16
# TL;DR
Spring Boot Actuator is widely used for Java application observability, found in over 60% of cloud environments, but its exposure can lead to serious security risks when misconfigured. These misconfigurations can lead to exposure of sensitive data and credentials (e.g., API keys, tokens, and passwords) and even enable remote code execution (RCE) in certain versions of Spring Boot.
We set out to analyze how organizations are deploying Spring Boot Actuator in the cloud, and actively detect misconfigurations within our customers’ environments. Our analysis has revealed that these weaknesses are more common than one might expect, occurring in 1 out of 4 of environments with publicly exposed Actuators.
This blog aims to raise awareness of these risks and offer actionable insights to
Fortinet
2022 IoT Threat Review | FortiGuard Labs
blogs_fortinet·2023-01-13·CVSS 8.8
[HIGH] 2022 IoT Threat Review | FortiGuard Labs
FORTIGUARD LABS THREAT RESEARCH
2022 IoT Threat Review
By Eduardo Altares, Joie Salvio and Roy Tay | January 13, 2023
FortiGuard Labs monitors the IoT botnet threat landscape for new and emerging campaigns. We do this with the assistance of our honeypots we have deployed to capture active attacks in the wild. This article provides insights into the data collected from our monitoring system over the past year.
Affected Platforms: Linux
Impacted Users: Any organization
Impact: Remote attackers gain control of the vulnerable systems
Severity Level: Critical
Attack Origins
Our distributed honeypot systems allow us to capture and monitor campaigns that are actively targeting IoT devices for infection. In most cases, these devices are turned into bots used to perform Distributed Denial o
Fortinet
Mirai, RAR1Ransom, and GuardMiner – Multiple Malware Campaigns Target VMware Vulnerability
blogs_fortinet·2022-10-21·CVSS 9.8
CVE-2022-22954 [CRITICAL] Mirai, RAR1Ransom, and GuardMiner – Multiple Malware Campaigns Target VMware Vulnerability
FORTIGUARD LABS THREAT RESEARCH
Mirai, RAR1Ransom, and GuardMiner – Multiple Malware Campaigns Target VMware Vulnerability
By Cara Lin | October 21, 2022
In April, VMware patched a vulnerability CVE-2022-22954. It causes server-side template injection because of the lack of sanitization on parameters “deviceUdid” and “devicetype”. It allows attackers to inject a payload and achieve remote code execution on VMware Workspace ONE Access and Identity Manager. FortiGuard Labs published Threat Signal Report about it and also developed IPS signature in April.
We observed attacks in the wild since then. Most of the payloads focus on probing a victim’s sensitive data, for example, passwords, hosts file, etc. But in August, there were a few particular payloads, which got our interest. They had th
Unit42
Network Security Trends: Recent Exploits Observed in the Wild Include Remote Code Execution, Cross-Site Scripting and More
blogs_unit42·2022-08-19·CVSS 8.8
CVE-2021-20166 [HIGH] Network Security Trends: Recent Exploits Observed in the Wild Include Remote Code Execution, Cross-Site Scripting and More
## Network Security Trends: Recent Exploits Observed in the Wild Include Remote Code Execution, Cross-Site Scripting and More
Yue Guan
Published: August 19, 2022
Trend Reports
Vulnerabilities
Attack analysis
CVE-2021-20166
CVE-2021-20167
CVE-2021-21881
CVE-2021-24762
CVE-2021-28169
CVE-2021-31589
CVE-2021-39226
CVE-2021-4045
CVE-2021-43711
CVE-2022-21371
CVE-2022-21662
CVE-2022-22536
CVE-2022-22947
CVE-2022-22954
CVE-2022-22963
CVE-2022-22965
CVE-2022-24112
CVE-2022-24260
CVE-2022-25060
CVE-2022-25075
CVE-2022-25134
CVE-2022-27226
CVE-2022-29464
Exploit in the wild
Network security trends
## Executive Summary
Recent observations of exploits used in the wild reveal that attackers have been making use
Unit42
Network Security Trends: Recent Exploits Observed in the Wild Include Remote Code Execution, Cross-Site Scripting and More
blogs_unit42·2022-08-19
## Executive Summary
Recent observations of exploits used in the wild reveal that attackers have been making use of newly published remote code execution vulnerabilities in VMware ONE Access and Identity Manager and Spring Cloud Function, Spring MVC and Spring Web Flux, among others. Attackers have also been taking advantage of a cross-site scripting vulnerability in WordPress core, and SQL injection vulnerabilities in VoIPmonitor GUI and other services. In our observations of network security trends, Unit 42 researchers select exploits of the latest published attacks that defenders should know based on the availability of proofs of concept (PoCs), the severity of the vulnerabilities the exploits are based on and the ease of exploitation.
Other insights that could assist defenders includ
Securelist
IT threat evolution in Q1 2022. Non-mobile statistics
blogs_securelist·2022-05-27
Table of Contents
Quarterly figures
Financial threats
Financial threat statistics
Geography of financial malware attacks
TOP 10 banking malware families
Ransomware programs
Quarterly trends and highlights
Law enforcement successes
HermeticWiper, HermeticRansom and RUransom, etc.
Conti source-code leak
Attacks on NAS devices
Maze Decryptor
Number of new modifications
Number of users attacked by ransomware Trojans
Geography of attacked users
TOP 10 most common families of ransomware Trojans
Miners
Number of new miner modifications
Number of users attacked by miners
Geography of miner attacks
Vulnerable applications used by criminals during cyberattacks
Quarter highlights
Vulnerability statistics
Attacks on macOS
Geography of threats for macOS
IoT attacks
IoT threat
Securelist
PC malware statistics, Q1 2022
blogs_securelist·2022-05-27
Table of Contents
- Quarterly figures
- Financial threats
- Ransomware programs
- Miners
- Vulnerable applications used by criminals during cyberattacks
- Attacks on macOS
- IoT attacks
- Attacks via web resources
- Local threats
Authors
- AMR
- IT threat evolution in Q1 2022
- IT threat evolution in Q1 2022. Non-mobile statistics
- IT threat evolution in Q1 2022. Mobile statistics
These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data.
## Quarterly figures
According to Kaspersky Security Network, in Q1 2022:
- Kaspersky solutions blocked 1,216,350,437 attacks from online resources across the globe.
- Web Anti-Virus recognized 313,164,030 unique URLs as malicious.
- Attempts to run malware
Tenable
Oracle April 2022 Critical Patch Update Addresses 221 CVEs
blogs_tenable·2022-04-20
http://packetstormsecurity.com/files/166219/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html
http://packetstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html
https://tanzu.vmware.com/security/cve-2022-22947
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22947
2022-03-03: Published
2022-05-16: Added to CISA KEV
Exploited in the wild