cve-2022-22965
Vulnerability from cvelistv5
Published
2022-04-01 22:17
Modified
2024-08-03 03:28
Severity ?
Summary
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Impacted products
n/aSpring Framework
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog

Date added: 2022-04-04

Due date: 2022-04-25

Required action: Apply updates per vendor instructions.

Used in ransomware: Unknown

Notes: https://nvd.nist.gov/vuln/detail/CVE-2022-22965

Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:28:42.725Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.kb.cert.org/vuls/id/970766"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://tanzu.vmware.com/security/cve-2022-22965"
          },
          {
            "name": "20220401 Vulnerability in Spring Framework Affecting Cisco Products: March 2022",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Framework",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Spring Framework versions 5.3.X prior to 5.3.18+, 5.2.x prior to 5.2.20+ and all old and unsupported versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:46:59",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://tanzu.vmware.com/security/cve-2022-22965"
        },
        {
          "name": "20220401 Vulnerability in Spring Framework Affecting Cisco Products: March 2022",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2022-22965",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Spring Framework",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Spring Framework versions 5.3.X prior to 5.3.18+, 5.2.x prior to 5.2.20+ and all old and unsupported versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tanzu.vmware.com/security/cve-2022-22965",
              "refsource": "MISC",
              "url": "https://tanzu.vmware.com/security/cve-2022-22965"
            },
            {
              "name": "20220401 Vulnerability in Spring Framework Affecting Cisco Products: March 2022",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"
            },
            {
              "name": "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-22965",
    "datePublished": "2022-04-01T22:17:30",
    "dateReserved": "2022-01-10T00:00:00",
    "dateUpdated": "2024-08-03T03:28:42.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2022-22965",
      "cwes": "[\"CWE-94\"]",
      "dateAdded": "2022-04-04",
      "dueDate": "2022-04-25",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2022-22965",
      "product": "Spring Framework",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.",
      "vendorProject": "VMware",
      "vulnerabilityName": "Spring Framework JDK 9+ Remote Code Execution Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-22965\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2022-04-01T23:15:13.870\",\"lastModified\":\"2024-10-18T19:52:02.903\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"cisaExploitAdd\":\"2022-04-04\",\"cisaActionDue\":\"2022-04-25\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Spring Framework JDK 9+ Remote Code Execution Vulnerability\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.\"},{\"lang\":\"es\",\"value\":\"Una aplicaci\u00f3n Spring MVC o Spring WebFlux que es ejecutada en JDK 9+ puede ser vulnerable a la ejecuci\u00f3n de c\u00f3digo remota (RCE) por medio de una vinculaci\u00f3n de datos. La explotaci\u00f3n espec\u00edfica requiere que la aplicaci\u00f3n sea ejecutada en Tomcat como un despliegue WAR. Si la aplicaci\u00f3n es desplegada como un jar ejecutable de Spring Boot, es decir, por defecto, no es vulnerable a la explotaci\u00f3n. Sin embargo, la naturaleza de la vulnerabilidad es m\u00e1s general, y puede haber otras formas de explotarla\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":7.5},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]},{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.20\",\"matchCriteriaId\":\"7417ECB4-3391-4273-9DAF-C9C82220CEA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.3.0\",\"versionEndExcluding\":\"5.3.18\",\"matchCriteriaId\":\"5049322E-FFAA-4CAA-B794-63539EA4E6D7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9\",\"matchCriteriaId\":\"19F22333-401B-4DB1-A63D-622FA54C2BA9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:cx_cloud_agent:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.1.0\",\"matchCriteriaId\":\"0DA44823-E5F1-4922-BCCA-13BEB49C017B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4CA84D6-F312-4C29-A02B-050FCB7A902B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DF6C109-E3D3-431C-8101-2FF88763CF5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAAB7154-4DE8-4806-86D0-C1D33B84417B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5BB2213-08E7-497F-B672-556FD682D122\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E24426EE-6A3F-413E-A70A-FB98CCD007A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2A5B24D-BDF2-423C-98EA-A40778C01A05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04E6C8E9-2024-496C-9BFD-4548A5B44E2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F60E32F-0CA0-4C2D-9848-CB92765A9ACB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B61A7946-F554-44A9-9E41-86114E4B4914\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AA09838-BF13-46AC-BB97-A69F48B73A8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D163AA57-1D66-4FBF-A8BB-F13E56E5C489\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6577F14-36B6-46A5-A1B1-FCCADA61A23B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4367D9B-BF81-47AD-A840-AC46317C774D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0425918A-03F1-4541-BDEF-55B03E07E115\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D235B299-9A0E-44FF-84F1-2FFBC070A21D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6EAA723-2A23-4151-930B-86ACF9CC1C0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C2E50B0-64B6-4696-9213-F5D9016058A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02AEDB9F-1040-4840-ACB6-8BF299886ACB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41C2C67B-BF55-4B48-A94D-1F37A4FAC68C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"172BECE8-9626-4910-AAA1-A2FA9C7139E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4B3A10E-70A8-4332-8567-06AE2C45D3C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"059F0D4E-B007-4986-AB95-89F11147CB2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CAC78AD-86BB-4F06-B8CF-8E1329987F2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44563108-AD89-49A0-9FA5-7DE5A5601D2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCA5DC3F-E7D8-45E3-8114-2213EC631CDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"078AEFC0-96DA-4F50-BE8E-8360718103A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.0.29\",\"matchCriteriaId\":\"7ECCD8C1-C055-4958-A613-B6D1609687F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F978162-CB2C-4166-947A-9048C6E878BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A69FB468-EAF3-4E67-95E7-DF92C281C1F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AB16F34-D561-498F-A8C3-A24A47BCEBC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77E39D5C-5EFA-4FEB-909E-0A92004F2563\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06816711-7C49-47B9-A9D7-FB18CC3F42F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.4\",\"matchCriteriaId\":\"435B691D-C763-4692-A46A-3422FA821ACF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83E77D85-0AE8-41D6-AC0C-983A8B73C831\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02B28A44-3708-480D-9D6D-DDF8C21A15EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9772EE3F-FFC5-4611-AD9A-8AD8304291BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF524892-278F-4373-A8A3-02A30FA1AFF4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26CDB573-611F-403C-9E9F-2A929B7B9602\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E84BF8E9-9AB8-4591-9760-C9B727FD0BA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2605B356-2BDE-45B2-AAB3-55236E163588\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26CDB573-611F-403C-9E9F-2A929B7B9602\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E84BF8E9-9AB8-4591-9760-C9B727FD0BA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2605B356-2BDE-45B2-AAB3-55236E163588\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E18698DE-9043-4AA0-B798-51C0B4CACBAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CE9674B-4528-4168-B09A-DBAA48622307\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9810D40F-FF25-495F-80A4-7A8D8679FA33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02B3BC5A-97E2-4295-9EA3-62D29E579E9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC18FEAF-65B4-4F56-A703-21DF9B969B0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:veritas:netbackup_flex_scale_appliance:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66B1DC73-8B4C-418B-96A7-17C35E9164CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:veritas:netbackup_flex_scale_appliance:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48E6CF01-79F1-4E56-BB3C-02AE544876E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62D12B2A-0167-4010-888E-30BB96DBA3F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*\",\"matchCriteriaId\":\"42554066-06A0-44EF-8911-5982A4033E00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE52F0C6-7AB6-4E84-9A8C-01C2AE170504\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2762443-9B5B-4675-84B3-21A60385F86E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F91A353F-6BEE-423E-BB6A-413C2C03D313\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6256AE6A-34BF-417A-BAB9-8889457BA31B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3F72DF7-C2C6-4009-82D8-462714D80DF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5C4BAEE-EAAE-46F6-A275-330EE41CF1F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5311A3B2-E1C7-4816-B1DD-F0166C65F5A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED4BC39F-2A18-4F2D-B5A6-A1590D220611\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E5BC47D-DD3A-4CE1-B313-18C9547E89EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*\",\"matchCriteriaId\":\"63459D69-EC29-49A6-9577-A48B63C63063\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B20A490-3398-4B36-9630-98CADC801E9E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.4\",\"matchCriteriaId\":\"435B691D-C763-4692-A46A-3422FA821ACF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_speech_assistant_for_machines:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.2.1\",\"matchCriteriaId\":\"D035FB7D-36A5-439E-9992-DE255F020AB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_network_management_system:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.3\",\"matchCriteriaId\":\"0D14E8FC-464B-414D-AE56-C20FF46E25FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83E77D85-0AE8-41D6-AC0C-983A8B73C831\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02B28A44-3708-480D-9D6D-DDF8C21A15EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9772EE3F-FFC5-4611-AD9A-8AD8304291BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF524892-278F-4373-A8A3-02A30FA1AFF4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CDE72F7-ED9D-4A53-BF63-DF6711FFDEF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EDB6772-7FDB-45FF-8D72-952902A7EE56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7637F8B-15F1-42E2-BE18-E1FF7C66587D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E43D793A-7756-4D58-A8ED-72DC4EC9CEA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EBC7EB1-FD72-4BFC-92CC-7C8B8E462D7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3486C85C-57BC-433F-941C-E81539DA5C1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7FBF5C7-EC73-4CE4-8CB7-E9CF5705DB25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36E16AEF-ACEB-413C-888C-8D250F65C180\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EFAEA84-E376-40A2-8C9F-3E0676FEC527\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"798E4FEE-9B2B-436E-A2B3-B8AA1079892A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B042849-7EF5-4A5F-B6CD-712C0B8735BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7435071D-0C95-4686-A978-AFC4C9A0D0FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CFCE558-9972-46A2-8539-C16044F1BAA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"822A3C37-86F2-4E91-BE91-2A859F983941\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD311C33-A309-44D5-BBFB-539D72C7F8C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8383028-B719-41FD-9B6A-71F8EB4C5F8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F14A818F-AA16-4438-A3E4-E64C9287AC66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04BCDC24-4A21-473C-8733-0D9CFB38A752\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html\",\"source\":\"security@vmware.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html\",\"source\":\"security@vmware.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf\",\"source\":\"security@vmware.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005\",\"source\":\"security@vmware.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://tanzu.vmware.com/security/cve-2022-22965\",\"source\":\"security@vmware.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67\",\"source\":\"security@vmware.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"security@vmware.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"security@vmware.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.