In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Published 2022-04-01 23:15:14
Updated 2023-07-13 23:15:09
Source VMware
Vulnerability category: Execute code

CVE-2022-22963 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Notes:
https://tanzu.vmware.com/security/cve-2022-22963
Added on: 2022-08-25
Action due date: 2022-09-15

Exploit prediction scoring system (EPSS) score for CVE-2022-22963

Probability of exploitation activity in the next 30 days: 97.54%

Percentile, the proportion of vulnerabilities that are scored at or less: ~100%

Metasploit modules for CVE-2022-22963

  • Spring Cloud Function SpEL Injection
    Disclosure Date: 2022-03-29
    First seen: 2022-12-23
    exploit/multi/http/spring_cloud_function_spel_injection
    Spring Cloud Function versions prior to 3.1.7 and 3.2.3 are vulnerable to remote code execution due to using an unsafe evaluation context with user-provided queries. By crafting a request to the application and setting the spring.cloud.function.routing-expression heade

CVSS scores for CVE-2022-22963

| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
| 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
| 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST |
