CVE-2022-22963
published 2022-04-01
Critical 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability, due 2022-09-15
Exploited in the wild
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Affected
71 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | banking_branch | — | — |
| oracle | banking_cash_management | — | — |
| oracle | banking_corporate_lending_process_management | — | — |
| oracle | banking_credit_facilities_process_management | — | — |
| oracle | banking_electronic_data_exchange_for_corporates | — | — |
| oracle | banking_liquidity_management | — | — |
| oracle | banking_liquidity_management | — | — |
| oracle | banking_origination | — | — |
| oracle | banking_supply_chain_finance | — | — |
| oracle | banking_trade_finance_process_management | — | — |
| oracle | banking_virtual_account_management | — | — |
| oracle | communications_cloud_native_core_automated_test_suite | — | — |
| oracle | communications_cloud_native_core_automated_test_suite | — | — |
| oracle | communications_cloud_native_core_console | — | — |
| oracle | communications_cloud_native_core_console | — | — |
| oracle | communications_cloud_native_core_network_exposure_function | — | — |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | — | — |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | — | — |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | — | — |
| oracle | communications_cloud_native_core_network_repository_function | — | — |
| oracle | communications_cloud_native_core_network_repository_function | — | — |
| oracle | communications_cloud_native_core_network_slice_selection_function | — | — |
| oracle | communications_cloud_native_core_network_slice_selection_function | — | — |
| oracle | communications_cloud_native_core_policy | — | — |
| oracle | communications_cloud_native_core_policy | — | — |
CVSS provenance
nvd v3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck 9.8 CRITICAL
cisa 9.8 CRITICAL