← Back to CVEs
CVE-2022-22963
CRITICALCISA KEV9.8
Description
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published4/1/2022
Last Modified10/30/2025
Sourcekev
Honeypot Sightings0
CISA KEV
VendorVMware Tanzu
ProductSpring Cloud
Vulnerability NameVMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability
KEV Date Added2022-08-25
Remediation Due Date2022-09-15
Ransomware UseUnknown
Affected Products
oracle:banking_branchoracle:banking_cash_managementoracle:banking_corporate_lending_process_managementoracle:banking_credit_facilities_process_managementoracle:banking_electronic_data_exchange_for_corporatesoracle:banking_liquidity_managementoracle:banking_originationoracle:banking_supply_chain_financeoracle:banking_trade_finance_process_managementoracle:banking_virtual_account_managementoracle:communications_cloud_native_core_automated_test_suiteoracle:communications_cloud_native_core_consoleoracle:communications_cloud_native_core_network_exposure_functionoracle:communications_cloud_native_core_network_function_cloud_native_environmentoracle:communications_cloud_native_core_network_repository_functionoracle:communications_cloud_native_core_network_slice_selection_functionoracle:communications_cloud_native_core_policyoracle:communications_cloud_native_core_security_edge_protection_proxyoracle:communications_cloud_native_core_unified_data_repositoryoracle:communications_communications_policy_managementoracle:financial_services_analytical_applications_infrastructureoracle:financial_services_behavior_detection_platformoracle:financial_services_enterprise_case_managementoracle:mysql_enterprise_monitororacle:product_lifecycle_analyticsoracle:retail_xstore_point_of_serviceoracle:sd-wan_edgevmware:spring_cloud_function
Weaknesses (CWE)
CWE-94CWE-917
References
http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html(security@vmware.com)
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005(security@vmware.com)
https://tanzu.vmware.com/security/cve-2022-22963(security@vmware.com)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH(security@vmware.com)
https://www.oracle.com/security-alerts/cpuapr2022.html(security@vmware.com)
https://www.oracle.com/security-alerts/cpujul2022.html(security@vmware.com)
http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005(af854a3a-2127-422b-91ae-364da2661108)
https://tanzu.vmware.com/security/cve-2022-22963(af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuapr2022.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujul2022.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22963(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.