CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
References
Link Resource
http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html Third Party Advisory VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf Patch Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005 Third Party Advisory
https://tanzu.vmware.com/security/cve-2022-22965 Mitigation Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67 Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html Patch Third Party Advisory
http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html Third Party Advisory VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf Patch Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005 Third Party Advisory
https://tanzu.vmware.com/security/cve-2022-22965 Mitigation Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67 Third Party Advisory
https://www.kb.cert.org/vuls/id/970766
https://www.oracle.com/security-alerts/cpuapr2022.html Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html Patch Third Party Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:cisco:cx_cloud_agent:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*
cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*
cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*
cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*
cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*
cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*
cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_flex_scale_appliance:2.1:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_flex_scale_appliance:3.0:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_speech_assistant_for_machines:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_network_management_system:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*

Configuration 7 (hide)

OR cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*

History

21 Nov 2024, 06:47

Type Values Removed Values Added
References
  • () https://www.kb.cert.org/vuls/id/970766 -
References () http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry
References () http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html - Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html - Third Party Advisory, VDB Entry
References () https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf - Patch, Third Party Advisory () https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf - Patch, Third Party Advisory
References () https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005 - Third Party Advisory () https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005 - Third Party Advisory
References () https://tanzu.vmware.com/security/cve-2022-22965 - Mitigation, Vendor Advisory () https://tanzu.vmware.com/security/cve-2022-22965 - Mitigation, Vendor Advisory
References () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67 - Third Party Advisory () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67 - Third Party Advisory
References () https://www.oracle.com/security-alerts/cpuapr2022.html - Third Party Advisory () https://www.oracle.com/security-alerts/cpuapr2022.html - Third Party Advisory
References () https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory () https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory

18 Oct 2024, 19:52

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*
First Time Oracle jdk

25 Jul 2022, 18:20

Type Values Removed Values Added
References
  • (N/A) https://www.oracle.com/security-alerts/cpujul2022.html -

19 May 2022, 14:21

Type Values Removed Values Added
References (MISC) http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html - (MISC) http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html - Third Party Advisory, VDB Entry
CPE cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*
cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*
cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*
cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*
cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*
cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_flex_scale_appliance:2.1:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*
cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_flex_scale_appliance:3.0:*:*:*:*:*:*:*
cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*

10 May 2022, 17:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html -

21 Apr 2022, 14:40

Type Values Removed Values Added
References (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Third Party Advisory
References (MISC) http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html - (MISC) http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry
References (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf - (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf - Third Party Advisory
CPE cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*
cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*

20 Apr 2022, 00:16

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -

19 Apr 2022, 19:15

Type Values Removed Values Added
References
  • (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf -

13 Apr 2022, 17:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html -

08 Apr 2022, 17:43

Type Values Removed Values Added
CPE cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:cx_cloud_agent:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8
CWE CWE-94
References (CONFIRM) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005 - (CONFIRM) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005 - Third Party Advisory
References (MISC) https://tanzu.vmware.com/security/cve-2022-22965 - (MISC) https://tanzu.vmware.com/security/cve-2022-22965 - Mitigation, Vendor Advisory
References (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67 - (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67 - Third Party Advisory

02 Apr 2022, 20:15

Type Values Removed Values Added
References
  • (CONFIRM) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005 -

02 Apr 2022, 03:15

Type Values Removed Values Added
References
  • (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67 -

01 Apr 2022, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-04-01 23:15

Updated : 2025-01-29 18:15


NVD link : CVE-2022-22965

Mitre link : CVE-2022-22965

CVE.ORG link : CVE-2022-22965


JSON object : View

Products Affected

oracle

  • sd-wan_edge
  • communications_cloud_native_core_console
  • communications_unified_inventory_management
  • retail_merchandising_system
  • financial_services_behavior_detection_platform
  • retail_financial_integration
  • product_lifecycle_analytics
  • mysql_enterprise_monitor
  • communications_cloud_native_core_security_edge_protection_proxy
  • communications_cloud_native_core_network_exposure_function
  • jdk
  • communications_cloud_native_core_network_slice_selection_function
  • communications_cloud_native_core_policy
  • retail_xstore_point_of_service
  • commerce_platform
  • communications_cloud_native_core_binding_support_function
  • communications_policy_management
  • retail_customer_management_and_segmentation_foundation
  • weblogic_server
  • retail_integration_bus
  • communications_cloud_native_core_network_function_cloud_native_environment
  • communications_cloud_native_core_unified_data_repository
  • financial_services_analytical_applications_infrastructure
  • communications_cloud_native_core_automated_test_suite
  • financial_services_enterprise_case_management
  • retail_bulk_data_integration
  • communications_cloud_native_core_network_repository_function

siemens

  • siveillance_identity
  • operation_scheduler
  • simatic_speech_assistant_for_machines
  • sipass_integrated
  • sinec_network_management_system

veritas

  • netbackup_virtual_appliance
  • netbackup_appliance
  • netbackup_flex_scale_appliance
  • flex_appliance
  • access_appliance

vmware

  • spring_framework

cisco

  • cx_cloud_agent
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')