⚠ Actively exploited
Added to CISA KEV on 2022-08-25. Federal agencies required to patch by 2022-09-15. Required action: Apply updates per vendor instructions.
Severity: 9.8 CRITICAL (NVD)
EPSS: 94.5% (top < 0.01%)
CISA KEV: Added 2022-08-25, due 2022-09-15
Exploit: Exploited in wild (active exploitation observed)
Timeline
Published: Apr 1
KEV added: Aug 25
KEV due: Sep 15
Latest update: Jul 11

Description

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages: 52 packages

Patches

🔴 Vulnerability Details (4)

GHSA
Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression (2022-04-03)
OSV
Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression (2022-04-03)
CVEList
CVE-2022-22963: In Spring Cloud Function versions 3 (2022-04-01)
VulnCheck
VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability (2022)

💥 Exploits & PoCs (2)

Exploit-DB
Spring Cloud 3.2.2 - Remote Command Execution (RCE) (2023-07-11)
Nuclei
Spring Cloud - Remote Code Execution

🔍 Detection Rules (1)

Suricata
ET EXPLOIT Possible Spring Cloud Connector RCE Inbound (CVE-2022-22963) (2022-03-31)

📋 Vendor Advisories (5)

CISA
VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability (2022-08-25)
Oracle
Oracle Oracle Communications Risk Matrix: DBTier (Spring Cloud Function) — CVE-2022-22963 (2022-07-15)
Cisco
Vulnerability in Spring Cloud Function Framework Affecting Cisco Products: March 2022 (2022-04-01)
Palo Alto
Informational: Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2022-22965 (2022-03-31)
Red Hat
spring-cloud-function: Remote code execution by malicious Spring Expression (2022-03-29)

🕵️ Threat Intelligence (6)

Securelist
Spring4Shell (CVE-2022-22965): details and mitigations (2022-04-04)
Wiz
Addressing the Spring4Shell and CVE-2022-22963 RCE vulnerabilities in cloud environments | Wiz Blog (2022-04-01)
Sentinelone
Spring Cloud Function RCE Vulnerability (CVE-2022-22963) (2022-04-01)
Unit42
CVE-2022-22965: Spring Core Remote Code Execution Vulnerability Exploited In the Wild (SpringShell) (Updated) (2022-03-31)

📄 Research Papers (1)

CTF
Inject / README