CVE-2022-22965: Spring Framework JDK 9+ Remote Code Execution Vulnerability
First published: Fri Apr 01 2022(Updated: )
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Spring Framework | ||
| VMware Spring Framework | <5.2.20 | |
| VMware Spring Framework | >=5.3.0<5.3.18 | |
| Cisco CX Cloud Agent | <2.1.0 | |
| Oracle Communications Cloud Native Core Automated Test Suite | =1.9.0 | |
| Oracle Communications Cloud Native Core Automated Test Suite | =22.1.0 | |
| Oracle Communications Cloud Native Core Console | =1.9.0 | |
| Oracle Communications Cloud Native Core Console | =22.1.0 | |
| Oracle Communications Cloud Native Core Network Exposure Function | =22.1.0 | |
| Oracle Communications Cloud Native Core Network Function Cloud Native Environment | =1.10.0 | |
| Oracle Communications Cloud Native Core Network Function Cloud Native Environment | =22.1.0 | |
| Oracle Communications Cloud Native Core Network Repository Function | =1.15.0 | |
| Oracle Communications Cloud Native Core Network Repository Function | =22.1.0 | |
| Oracle Communications Cloud Native Core Network Slice Selection Function | =1.8.0 | |
| Oracle Communications Cloud Native Core Network Slice Selection Function | =1.15.0 | |
| Oracle Communications Cloud Native Core Network Slice Selection Function | =22.1.0 | |
| Oracle Communications Cloud Native Core Policy | =1.15.0 | |
| Oracle Communications Cloud Native Core Policy | =22.1.0 | |
| Oracle Communications Cloud Native Core Security Edge Protection Proxy | =1.7.0 | |
| Oracle Communications Cloud Native Core Security Edge Protection Proxy | =22.1.0 | |
| Oracle Communications Cloud Native Core Unified Data Repository | =1.15.0 | |
| Oracle Communications Cloud Native Core Unified Data Repository | =22.1.0 | |
| Oracle Communications Policy Management | =12.6.0.0.0 | |
| Oracle Financial Services Analytical Applications Infrastructure | =8.1.1 | |
| Oracle Financial Services Analytical Applications Infrastructure | =8.1.2.0 | |
| Oracle Financial Services Behavior Detection Platform | =8.1.1.0 | |
| Oracle Financial Services Behavior Detection Platform | =8.1.1.1 | |
| Oracle Financial Services Behavior Detection Platform | =8.1.2.0 | |
| Oracle Financial Services Enterprise Case Management | =8.1.1.0 | |
| Oracle Financial Services Enterprise Case Management | =8.1.1.1 | |
| Oracle Financial Services Enterprise Case Management | =8.1.2.0 | |
| Oracle Mysql Enterprise Monitor | <8.0.29 | |
| Oracle Product Lifecycle Analytics | =3.6.1 | |
| Oracle Retail Xstore Point of Service | =20.0.1 | |
| Oracle Retail Xstore Point of Service | =21.0.0 | |
| Oracle SD-WAN Edge | =9.0 | |
| Oracle SD-WAN Edge | =9.1 | |
| Siemens Operation Scheduler | <2.0.4 | |
| Siemens SiPass integrated | =2.80 | |
| Siemens SiPass integrated | =2.85 | |
| Siemens Siveillance Identity | =1.5 | |
| Siemens Siveillance Identity | =1.6 | |
| Veritas Access Appliance | =7.4.3 | |
| Veritas Access Appliance | =7.4.3.100 | |
| Veritas Access Appliance | =7.4.3.200 | |
| Veritas Flex Appliance | =1.3 | |
| Veritas Flex Appliance | =2.0 | |
| Veritas Flex Appliance | =2.0.1 | |
| Veritas Flex Appliance | =2.0.2 | |
| Veritas Flex Appliance | =2.1 | |
| Veritas Netbackup Flex Scale Appliance | =2.1 | |
| Veritas Netbackup Flex Scale Appliance | =3.0 | |
| Veritas NetBackup Appliance | =4.0 | |
| Veritas NetBackup Appliance | =4.0.0.1-maintenance_release1 | |
| Veritas NetBackup Appliance | =4.0.0.1-maintenance_release2 | |
| Veritas NetBackup Appliance | =4.0.0.1-maintenance_release3 | |
| Veritas NetBackup Appliance | =4.1 | |
| Veritas NetBackup Appliance | =4.1.0.1-maintenance_release1 | |
| Veritas NetBackup Appliance | =4.1.0.1-maintenance_release2 | |
| Veritas Netbackup Virtual Appliance | =4.0 | |
| Veritas Netbackup Virtual Appliance | =4.0.0.1-maintenance_release1 | |
| Veritas Netbackup Virtual Appliance | =4.0.0.1-maintenance_release2 | |
| Veritas Netbackup Virtual Appliance | =4.0.0.1-maintenance_release3 | |
| Veritas Netbackup Virtual Appliance | =4.1 | |
| Veritas Netbackup Virtual Appliance | =4.1.0.1-maintenance_release1 | |
| Veritas Netbackup Virtual Appliance | =4.1.0.1-maintenance_release2 | |
| Siemens Simatic Speech Assistant For Machines | <1.2.1 | |
| Siemens Sinec Network Management System | <1.0.3 | |
| Oracle Commerce Platform | =11.3.2 | |
| Oracle Communications Cloud Native Core Binding Support Function | =22.1.3 | |
| Oracle Communications Unified Inventory Management | =7.4.1 | |
| Oracle Communications Unified Inventory Management | =7.4.2 | |
| Oracle Communications Unified Inventory Management | =7.5.0 | |
| Oracle Retail Bulk Data Integration | =16.0.3 | |
| Oracle Retail Customer Management and Segmentation Foundation | =17.0 | |
| Oracle Retail Customer Management and Segmentation Foundation | =18.0 | |
| Oracle Retail Customer Management and Segmentation Foundation | =19.0 | |
| Oracle Retail Financial Integration | =14.1.3.2 | |
| Oracle Retail Financial Integration | =15.0.3.1 | |
| Oracle Retail Financial Integration | =16.0.3 | |
| Oracle Retail Financial Integration | =19.0.1 | |
| Oracle Retail Integration Bus | =14.1.3.2 | |
| Oracle Retail Integration Bus | =15.0.3.1 | |
| Oracle Retail Integration Bus | =16.0.3 | |
| Oracle Retail Integration Bus | =19.0.1 | |
| Oracle Retail Merchandising System | =16.0.3 | |
| Oracle Retail Merchandising System | =19.0.1 | |
| Oracle WebLogic Server | =12.2.1.3.0 | |
| Oracle WebLogic Server | =12.2.1.4.0 | |
| Oracle WebLogic Server | =14.1.1.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html
- http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005
- https://tanzu.vmware.com/security/cve-2022-22965
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- agent/references
- agent/type
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/title
- agent/severity
- agent/author
- agent/weakness
- agent/event
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/vmware
- canonical/vmware spring framework
- version/vmware spring framework/5.3.0
- vendor/cisco
- canonical/cisco cx cloud agent
- vendor/oracle
- canonical/oracle communications cloud native core automated test suite
- version/oracle communications cloud native core automated test suite/1.9.0
- version/oracle communications cloud native core automated test suite/22.1.0
- canonical/oracle communications cloud native core console
- version/oracle communications cloud native core console/1.9.0
- version/oracle communications cloud native core console/22.1.0
- canonical/oracle communications cloud native core network exposure function
- version/oracle communications cloud native core network exposure function/22.1.0
- canonical/oracle communications cloud native core network function cloud native environment
- version/oracle communications cloud native core network function cloud native environment/1.10.0
- version/oracle communications cloud native core network function cloud native environment/22.1.0
- canonical/oracle communications cloud native core network repository function
- version/oracle communications cloud native core network repository function/1.15.0
- version/oracle communications cloud native core network repository function/22.1.0
- canonical/oracle communications cloud native core network slice selection function
- version/oracle communications cloud native core network slice selection function/1.8.0
- version/oracle communications cloud native core network slice selection function/1.15.0
- version/oracle communications cloud native core network slice selection function/22.1.0
- canonical/oracle communications cloud native core policy
- version/oracle communications cloud native core policy/1.15.0
- version/oracle communications cloud native core policy/22.1.0
- canonical/oracle communications cloud native core security edge protection proxy
- version/oracle communications cloud native core security edge protection proxy/1.7.0
- version/oracle communications cloud native core security edge protection proxy/22.1.0
- canonical/oracle communications cloud native core unified data repository
- version/oracle communications cloud native core unified data repository/1.15.0
- version/oracle communications cloud native core unified data repository/22.1.0
- canonical/oracle communications policy management
- version/oracle communications policy management/12.6.0.0.0
- canonical/oracle financial services analytical applications infrastructure
- version/oracle financial services analytical applications infrastructure/8.1.1
- version/oracle financial services analytical applications infrastructure/8.1.2.0
- canonical/oracle financial services behavior detection platform
- version/oracle financial services behavior detection platform/8.1.1.0
- version/oracle financial services behavior detection platform/8.1.1.1
- version/oracle financial services behavior detection platform/8.1.2.0
- canonical/oracle financial services enterprise case management
- version/oracle financial services enterprise case management/8.1.1.0
- version/oracle financial services enterprise case management/8.1.1.1
- version/oracle financial services enterprise case management/8.1.2.0
- canonical/oracle mysql enterprise monitor
- canonical/oracle product lifecycle analytics
- version/oracle product lifecycle analytics/3.6.1
- canonical/oracle retail xstore point of service
- version/oracle retail xstore point of service/20.0.1
- version/oracle retail xstore point of service/21.0.0
- canonical/oracle sd-wan edge
- version/oracle sd-wan edge/9.0
- version/oracle sd-wan edge/9.1
- vendor/siemens
- canonical/siemens operation scheduler
- canonical/siemens sipass integrated
- version/siemens sipass integrated/2.80
- version/siemens sipass integrated/2.85
- canonical/siemens siveillance identity
- version/siemens siveillance identity/1.5
- version/siemens siveillance identity/1.6
- vendor/veritas
- canonical/veritas access appliance
- version/veritas access appliance/7.4.3
- version/veritas access appliance/7.4.3.100
- version/veritas access appliance/7.4.3.200
- canonical/veritas flex appliance
- version/veritas flex appliance/1.3
- version/veritas flex appliance/2.0
- version/veritas flex appliance/2.0.1
- version/veritas flex appliance/2.0.2
- version/veritas flex appliance/2.1
- canonical/veritas netbackup flex scale appliance
- version/veritas netbackup flex scale appliance/2.1
- version/veritas netbackup flex scale appliance/3.0
- canonical/veritas netbackup appliance
- version/veritas netbackup appliance/4.0
- version/veritas netbackup appliance/4.0.0.1-maintenance_release1
- version/veritas netbackup appliance/4.0.0.1-maintenance_release2
- version/veritas netbackup appliance/4.0.0.1-maintenance_release3
- version/veritas netbackup appliance/4.1
- version/veritas netbackup appliance/4.1.0.1-maintenance_release1
- version/veritas netbackup appliance/4.1.0.1-maintenance_release2
- canonical/veritas netbackup virtual appliance
- version/veritas netbackup virtual appliance/4.0
- version/veritas netbackup virtual appliance/4.0.0.1-maintenance_release1
- version/veritas netbackup virtual appliance/4.0.0.1-maintenance_release2
- version/veritas netbackup virtual appliance/4.0.0.1-maintenance_release3
- version/veritas netbackup virtual appliance/4.1
- version/veritas netbackup virtual appliance/4.1.0.1-maintenance_release1
- version/veritas netbackup virtual appliance/4.1.0.1-maintenance_release2
- canonical/siemens simatic speech assistant for machines
- canonical/siemens sinec network management system
- canonical/oracle commerce platform
- version/oracle commerce platform/11.3.2
- canonical/oracle communications cloud native core binding support function
- version/oracle communications cloud native core binding support function/22.1.3
- canonical/oracle communications unified inventory management
- version/oracle communications unified inventory management/7.4.1
- version/oracle communications unified inventory management/7.4.2
- version/oracle communications unified inventory management/7.5.0
- canonical/oracle retail bulk data integration
- version/oracle retail bulk data integration/16.0.3
- canonical/oracle retail customer management and segmentation foundation
- version/oracle retail customer management and segmentation foundation/17.0
- version/oracle retail customer management and segmentation foundation/18.0
- version/oracle retail customer management and segmentation foundation/19.0
- canonical/oracle retail financial integration
- version/oracle retail financial integration/14.1.3.2
- version/oracle retail financial integration/15.0.3.1
- version/oracle retail financial integration/16.0.3
- version/oracle retail financial integration/19.0.1
- canonical/oracle retail integration bus
- version/oracle retail integration bus/14.1.3.2
- version/oracle retail integration bus/15.0.3.1
- version/oracle retail integration bus/16.0.3
- version/oracle retail integration bus/19.0.1
- canonical/oracle retail merchandising system
- version/oracle retail merchandising system/16.0.3
- version/oracle retail merchandising system/19.0.1
- canonical/oracle weblogic server
- version/oracle weblogic server/12.2.1.3.0
- version/oracle weblogic server/12.2.1.4.0
- version/oracle weblogic server/14.1.1.0.0