CVE-2022-22947: VMware Spring Cloud Gateway Code Injection Vulnerability
First published: Thu Mar 03 2022(Updated: )
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
Credit: security@vmware.com security@vmware.com security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.springframework.cloud:spring-cloud-gateway | >=3.1.0<3.1.1 | 3.1.1 |
| maven/org.springframework.cloud:spring-cloud-gateway | <3.0.7 | 3.0.7 |
| VMware Spring Cloud Gateway | ||
| VMware Spring Cloud Gateway | <3.0.7 | |
| VMware Spring Cloud Gateway | =3.1.0 | |
| Oracle Commerce Guided Search | =11.3.2 | |
| Oracle Communications Cloud Native Core Binding Support Function | =1.11.0 | |
| Oracle Communications Cloud Native Core Binding Support Function | =22.1.3 | |
| Oracle Communications Cloud Native Core Console | =22.2.0 | |
| Oracle Communications Cloud Native Core Network Exposure Function | =22.1.0 | |
| Oracle Communications Cloud Native Core Network Function Cloud Native Environment | =1.10.0 | |
| Oracle Communications Cloud Native Core Network Repository Function | =1.15.0 | |
| Oracle Communications Cloud Native Core Network Repository Function | =1.15.1 | |
| Oracle Communications Cloud Native Core Network Repository Function | =22.1.2 | |
| Oracle Communications Cloud Native Core Network Repository Function | =22.2.0 | |
| Oracle Communications Cloud Native Core Network Slice Selection Function | =1.8.0 | |
| Oracle Communications Cloud Native Core Network Slice Selection Function | =22.1.0 | |
| Oracle Communications Cloud Native Core Security Edge Protection Proxy | =22.1.1 | |
| Oracle Communications Cloud Native Core Service Communication Proxy | =1.15.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2022-22947
- https://tanzu.vmware.com/security/cve-2022-22947
- http://packetstormsecurity.com/files/166219/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- http://packetstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html
- https://github.com/advisories/GHSA-3gx9-37ww-9qw6 (Advisory)
Frequently Asked Questions
What is CVE-2022-22947?
CVE-2022-22947 is a code injection vulnerability in VMware Spring Cloud Gateway, allowing arbitrary remote execution.
What is affected by CVE-2022-22947?
Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+ are affected by CVE-2022-22947, as well as certain Oracle products.
How severe is CVE-2022-22947?
CVE-2022-22947 is classified as critical and has a severity score of 10.
How do I fix CVE-2022-22947?
To fix CVE-2022-22947, upgrade to Spring Cloud Gateway version 3.1.1+ or 3.0.7+. Apply the provided fix for affected Oracle products.
Where can I find more information about CVE-2022-22947?
You can find more information about CVE-2022-22947 at the NIST National Vulnerability Database (NVD) and VMware Security Advisory pages.
- collector/github-advisory-latest
- alias/GHSA-3gx9-37ww-9qw6
- alias/CVE-2022-22947
- collector/github-advisory
- agent/author
- agent/type
- agent/remedy
- agent/references
- agent/title
- agent/severity
- agent/description
- agent/weakness
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- package-manager/maven
- vendor/vmware
- canonical/vmware spring cloud gateway
- version/vmware spring cloud gateway/3.1.0
- vendor/oracle
- canonical/oracle commerce guided search
- version/oracle commerce guided search/11.3.2
- canonical/oracle communications cloud native core binding support function
- version/oracle communications cloud native core binding support function/1.11.0
- version/oracle communications cloud native core binding support function/22.1.3
- canonical/oracle communications cloud native core console
- version/oracle communications cloud native core console/22.2.0
- canonical/oracle communications cloud native core network exposure function
- version/oracle communications cloud native core network exposure function/22.1.0
- canonical/oracle communications cloud native core network function cloud native environment
- version/oracle communications cloud native core network function cloud native environment/1.10.0
- canonical/oracle communications cloud native core network repository function
- version/oracle communications cloud native core network repository function/1.15.0
- version/oracle communications cloud native core network repository function/1.15.1
- version/oracle communications cloud native core network repository function/22.1.2
- version/oracle communications cloud native core network repository function/22.2.0
- canonical/oracle communications cloud native core network slice selection function
- version/oracle communications cloud native core network slice selection function/1.8.0
- version/oracle communications cloud native core network slice selection function/22.1.0
- canonical/oracle communications cloud native core security edge protection proxy
- version/oracle communications cloud native core security edge protection proxy/22.1.1
- canonical/oracle communications cloud native core service communication proxy
- version/oracle communications cloud native core service communication proxy/1.15.0