Vulnerability Database

CVE-2022-22963

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

CVSS v3:

  • Severity: Critical
  • Score: 9.8
  • Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 7.5
  • Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

| Software | From | Fixed in |
|---|---|---|
| vmware / spring_cloud_function | 3.2.0 | 3.2.2.x |
| vmware / spring_cloud_function | - | 3.1.6.x |
| oracle / sd-wan_edge | 9.0 | 9.0.x |
| oracle / retail_xstore_point_of_service | 20.0.1 | 20.0.1.x |
| oracle / communications_cloud_native_core_security_edge_protection_proxy | 1.7.0 | 1.7.0.x |
| oracle / banking_cash_management | 14.5 | 14.5.x |
| oracle / banking_trade_finance_process_management | 14.5 | 14.5.x |
| oracle / banking_credit_facilities_process_management | 14.5 | 14.5.x |
| oracle / banking_corporate_lending_process_management | 14.5 | 14.5.x |
| oracle / banking_supply_chain_finance | 14.5 | 14.5.x |
| oracle / sd-wan_edge | 9.1 | 9.1.x |
| oracle / banking_liquidity_management | 14.5 | 14.5.x |
| oracle / banking_liquidity_management | 14.2 | 14.2.x |
| oracle / banking_virtual_account_management | 14.5 | 14.5.x |
| oracle / financial_services_enterprise_case_management | 8.1.1.0 | 8.1.1.0.x |
| oracle / financial_services_enterprise_case_management | 8.1.1.1 | 8.1.1.1.x |
| oracle / financial_services_behavior_detection_platform | 8.1.2.0 | 8.1.2.0.x |
| oracle / financial_services_behavior_detection_platform | 8.1.1.1 | 8.1.1.1.x |
| oracle / financial_services_behavior_detection_platform | 8.1.1.0 | 8.1.1.0.x |
| oracle / mysql_enterprise_monitor | - | 8.0.29.x |
| oracle / communications_cloud_native_core_console | 1.9.0 | 1.9.0.x |
| oracle / communications_cloud_native_core_policy | 1.15.0 | 1.15.0.x |
| oracle / communications_communications_policy_management | 12.6.0.0.0 | 12.6.0.0.0.x |
| oracle / communications_cloud_native_core_unified_data_repository | 1.15.0 | 1.15.0.x |
| oracle / communications_cloud_native_core_unified_data_repository | 22.1.0 | 22.1.0.x |
| oracle / communications_cloud_native_core_security_edge_protection_proxy | 22.1.0 | 22.1.0.x |
| oracle / communications_cloud_native_core_policy | 22.1.0 | 22.1.0.x |
| oracle / communications_cloud_native_core_network_slice_selection_function | 1.8.0 | 1.8.0.x |
| oracle / communications_cloud_native_core_network_slice_selection_function | 22.1.0 | 22.1.0.x |
| oracle / communications_cloud_native_core_network_repository_function | 1.15.0 | 1.15.0.x |
| oracle / communications_cloud_native_core_network_repository_function | 22.1.0 | 22.1.0.x |
| oracle / communications_cloud_native_core_network_function_cloud_native_environment | 22.1.0 | 22.1.0.x |
| oracle / communications_cloud_native_core_network_function_cloud_native_environment | 1.10.0 | 1.10.0.x |
| oracle / communications_cloud_native_core_network_exposure_function | 22.1.0 | 22.1.0.x |
| oracle / communications_cloud_native_core_console | 22.1.0 | 22.1.0.x |
| oracle / communications_cloud_native_core_automated_test_suite | 22.1.0 | 22.1.0.x |
| oracle / communications_cloud_native_core_automated_test_suite | 1.9.0 | 1.9.0.x |
| oracle / product_lifecycle_analytics | 3.6.1.0 | 3.6.1.0.x |
| oracle / retail_xstore_point_of_service | 21.0.0 | 21.0.0.x |
| oracle / financial_services_enterprise_case_management | 8.1.2.0 | 8.1.2.0.x |
| oracle / financial_services_analytical_applications_infrastructure | 8.1.2.0 | 8.1.2.0.x |
| oracle / financial_services_analytical_applications_infrastructure | 8.1.1.0 | 8.1.1.0.x |
| oracle / banking_origination | 14.5 | 14.5.x |
| oracle / banking_electronic_data_exchange_for_corporates | 14.5 | 14.5.x |
| oracle / banking_branch | 14.5 | 14.5.x |
| oracle / communications_cloud_native_core_policy | 22.1.3 | 22.1.3.x |
| oracle / communications_cloud_native_core_network_function_cloud_native_environment | 22.1.2 | 22.1.2.x |
| org.springframework.cloud / spring-cloud-function-context | 3.2.0 | 3.2.3 |
| org.springframework.cloud / spring-cloud-function-context | - | 3.1.7 |