CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

Published: Apr 2, 2022
Updated: May 9, 2024
CVE: CVE-2022-22965
GHSA: GHSA-36p3-wjmg-h94x
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

Affected Software
References

Software	From	Fixed in
vmware / spring_framework	5.3.0	5.3.18
vmware / spring_framework	-	5.2.20
cisco / cx_cloud_agent	-	2.1.0
oracle / sd-wan_edge	9.0	9.0.x
oracle / retail_xstore_point_of_service	20.0.1	20.0.1.x
oracle / communications_cloud_native_core_security_edge_protection_proxy	1.7.0	1.7.0.x
oracle / financial_services_analytical_applications_infrastructure	8.1.1	8.1.1.x
oracle / sd-wan_edge	9.1	9.1.x
siemens / siveillance_identity	1.6	1.6.x
siemens / siveillance_identity	1.5	1.5.x
siemens / sipass_integrated	2.85	2.85.x
siemens / sipass_integrated	2.80	2.80.x
oracle / product_lifecycle_analytics	3.6.1	3.6.1.x
oracle / financial_services_enterprise_case_management	8.1.1.0	8.1.1.0.x
oracle / financial_services_enterprise_case_management	8.1.1.1	8.1.1.1.x
oracle / financial_services_behavior_detection_platform	8.1.2.0	8.1.2.0.x
oracle / financial_services_behavior_detection_platform	8.1.1.1	8.1.1.1.x
oracle / financial_services_behavior_detection_platform	8.1.1.0	8.1.1.0.x
oracle / communications_cloud_native_core_console	1.9.0	1.9.0.x
oracle / communications_cloud_native_core_policy	1.15.0	1.15.0.x
oracle / communications_cloud_native_core_unified_data_repository	1.15.0	1.15.0.x
oracle / communications_cloud_native_core_unified_data_repository	22.1.0	22.1.0.x
oracle / communications_cloud_native_core_security_edge_protection_proxy	22.1.0	22.1.0.x
oracle / communications_cloud_native_core_policy	22.1.0	22.1.0.x
oracle / communications_cloud_native_core_network_slice_selection_function	1.8.0	1.8.0.x
oracle / communications_cloud_native_core_network_slice_selection_function	22.1.0	22.1.0.x
oracle / communications_cloud_native_core_network_repository_function	1.15.0	1.15.0.x
oracle / communications_cloud_native_core_network_repository_function	22.1.0	22.1.0.x
oracle / communications_cloud_native_core_network_function_cloud_native_environment	22.1.0	22.1.0.x
oracle / communications_cloud_native_core_network_function_cloud_native_environment	1.10.0	1.10.0.x
oracle / communications_cloud_native_core_network_exposure_function	22.1.0	22.1.0.x
oracle / communications_cloud_native_core_console	22.1.0	22.1.0.x
oracle / communications_cloud_native_core_automated_test_suite	22.1.0	22.1.0.x
oracle / communications_cloud_native_core_automated_test_suite	1.9.0	1.9.0.x
oracle / retail_xstore_point_of_service	21.0.0	21.0.0.x
oracle / financial_services_enterprise_case_management	8.1.2.0	8.1.2.0.x
oracle / financial_services_analytical_applications_infrastructure	8.1.2.0	8.1.2.0.x
oracle / communications_policy_management	12.6.0.0.0	12.6.0.0.0.x
oracle / mysql_enterprise_monitor	-	8.0.29
oracle / communications_cloud_native_core_network_slice_selection_function	1.15.0	1.15.0.x
siemens / operation_scheduler	-	2.0.4
veritas / access_appliance	7.4.3	7.4.3.x
veritas / access_appliance	7.4.3.100	7.4.3.100.x
veritas / access_appliance	7.4.3.200	7.4.3.200.x
veritas / netbackup_virtual_appliance	4.0.0.1-maintenance_release1	4.0.0.1-maintenance_release1.x
veritas / netbackup_virtual_appliance	4.0.0.1-maintenance_release2	4.0.0.1-maintenance_release2.x
veritas / netbackup_virtual_appliance	4.0.0.1-maintenance_release3	4.0.0.1-maintenance_release3.x
veritas / netbackup_virtual_appliance	4.1.0.1-maintenance_release1	4.1.0.1-maintenance_release1.x
veritas / netbackup_virtual_appliance	4.1.0.1-maintenance_release2	4.1.0.1-maintenance_release2.x
veritas / netbackup_appliance	4.0.0.1-maintenance_release1	4.0.0.1-maintenance_release1.x
veritas / netbackup_appliance	4.0.0.1-maintenance_release2	4.0.0.1-maintenance_release2.x
veritas / netbackup_appliance	4.0.0.1-maintenance_release3	4.0.0.1-maintenance_release3.x
veritas / netbackup_appliance	4.1.0.1-maintenance_release1	4.1.0.1-maintenance_release1.x
veritas / netbackup_appliance	4.1.0.1-maintenance_release2	4.1.0.1-maintenance_release2.x
veritas / netbackup_virtual_appliance	4.0	4.0.x
veritas / netbackup_virtual_appliance	4.1	4.1.x
veritas / netbackup_appliance	4.0	4.0.x
veritas / netbackup_appliance	4.1	4.1.x
veritas / flex_appliance	2.0	2.0.x
veritas / flex_appliance	2.0.1	2.0.1.x
veritas / flex_appliance	2.0.2	2.0.2.x
veritas / flex_appliance	2.1	2.1.x
veritas / flex_appliance	1.3	1.3.x
veritas / netbackup_flex_scale_appliance	2.1	2.1.x
veritas / netbackup_flex_scale_appliance	3.0	3.0.x
siemens / sinec_network_management_system	-	1.0.3
siemens / simatic_speech_assistant_for_machines	-	1.2.1
oracle / weblogic_server	12.2.1.3.0	12.2.1.3.0.x
oracle / retail_customer_management_and_segmentation_foundation	17.0	17.0.x
oracle / retail_customer_management_and_segmentation_foundation	18.0	18.0.x
oracle / weblogic_server	12.2.1.4.0	12.2.1.4.0.x
oracle / weblogic_server	14.1.1.0.0	14.1.1.0.0.x
oracle / retail_customer_management_and_segmentation_foundation	19.0	19.0.x
oracle / retail_merchandising_system	16.0.3	16.0.3.x
oracle / retail_financial_integration	16.0.3	16.0.3.x
oracle / retail_integration_bus	16.0.3	16.0.3.x
oracle / communications_unified_inventory_management	7.4.1	7.4.1.x
oracle / retail_merchandising_system	19.0.1	19.0.1.x
oracle / retail_integration_bus	14.1.3.2	14.1.3.2.x
oracle / retail_financial_integration	14.1.3.2	14.1.3.2.x
oracle / retail_integration_bus	15.0.3.1	15.0.3.1.x
oracle / retail_financial_integration	15.0.3.1	15.0.3.1.x
oracle / commerce_platform	11.3.2	11.3.2.x
oracle / communications_unified_inventory_management	7.4.2	7.4.2.x
oracle / communications_unified_inventory_management	7.5.0	7.5.0.x
oracle / retail_integration_bus	19.0.1	19.0.1.x
oracle / retail_financial_integration	19.0.1	19.0.1.x
oracle / retail_bulk_data_integration	16.0.3	16.0.3.x
oracle / communications_cloud_native_core_binding_support_function	22.1.3	22.1.3.x
org.springframework / spring-beans	-	5.2.20.RELEASE
org.springframework / spring-beans	5.3.0	5.3.18
org.springframework / spring-webmvc	-	5.2.20.RELEASE
org.springframework / spring-webmvc	5.3.0	5.3.18
org.springframework.boot / spring-boot-starter-web	-	2.5.12
org.springframework.boot / spring-boot-starter-web	2.6.0	2.6.6
org.springframework / spring-webflux	-	5.2.20.RELEASE
org.springframework / spring-webflux	5.3.0	5.3.18
org.springframework.boot / spring-boot-starter-webflux	-	2.5.12
org.springframework.boot / spring-boot-starter-webflux	2.6.0	2.6.6

Vulnerability Database

289,599

CVE-2022-22965