Vulnerability Description
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Spring Framework | < 5.2.20 |
| Oracle | Jdk | >= 9 |
| Cisco | Cx Cloud Agent | < 2.1.0 |
| Oracle | Communications Cloud Native Core Automated Test Suite | 1.9.0 |
| Oracle | Communications Cloud Native Core Console | 1.9.0 |
| Oracle | Communications Cloud Native Core Network Exposure Function | 22.1.0 |
| Oracle | Communications Cloud Native Core Network Function Cloud Native Environment | 1.10.0 |
| Oracle | Communications Cloud Native Core Network Repository Function | 1.15.0 |
| Oracle | Communications Cloud Native Core Network Slice Selection Function | 1.8.0 |
| Oracle | Communications Cloud Native Core Policy | 1.15.0 |
| Oracle | Communications Cloud Native Core Security Edge Protection Proxy | 1.7.0 |
| Oracle | Communications Cloud Native Core Unified Data Repository | 1.15.0 |
| Oracle | Communications Policy Management | 12.6.0.0.0 |
| Oracle | Financial Services Analytical Applications Infrastructure | 8.1.1 |
| Oracle | Financial Services Behavior Detection Platform | 8.1.1.0 |
| Oracle | Financial Services Enterprise Case Management | 8.1.1.0 |
| Oracle | Mysql Enterprise Monitor | < 8.0.29 |
| Oracle | Product Lifecycle Analytics | 3.6.1 |
| Oracle | Retail Xstore Point Of Service | 20.0.1 |
| Oracle | Sd-Wan Edge | 9.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Third Party AdvisoryVDB Entry
- https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdfPatchThird Party Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005Third Party Advisory
- https://tanzu.vmware.com/security/cve-2022-22965MitigationVendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jThird Party Advisory
- https://www.oracle.com/security-alerts/cpuapr2022.htmlThird Party Advisory
- https://www.oracle.com/security-alerts/cpujul2022.htmlPatchThird Party Advisory
- http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Third Party AdvisoryVDB Entry
- https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdfPatchThird Party Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005Third Party Advisory
- https://tanzu.vmware.com/security/cve-2022-22965MitigationVendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jThird Party Advisory
- https://www.kb.cert.org/vuls/id/970766US Government Resource
FAQ
What is CVE-2022-22965?
CVE-2022-22965 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR ...
How severe is CVE-2022-22965?
CVE-2022-22965 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-22965?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Spring Framework, Oracle Jdk, Cisco Cx Cloud Agent, Oracle Communications Cloud Native Core Automated Test Suite, Oracle Communications Cloud Native Core Console.