FKIE_CVE-2022-22963

Vulnerability from fkie_nvd - Published: 2022-04-01 23:15 - Updated: 2025-10-30 19:56
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
References
security@vmware.comhttp://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.htmlExploit, Third Party Advisory, VDB Entry
security@vmware.comhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005Third Party Advisory
security@vmware.comhttps://tanzu.vmware.com/security/cve-2022-22963Vendor Advisory
security@vmware.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxHThird Party Advisory
security@vmware.comhttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
security@vmware.comhttps://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://tanzu.vmware.com/security/cve-2022-22963Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxHThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22963US Government Resource
Impacted products
Vendor Product Version
vmware spring_cloud_function *
vmware spring_cloud_function *
oracle banking_branch 14.5
oracle banking_cash_management 14.5
oracle banking_corporate_lending_process_management 14.5
oracle banking_credit_facilities_process_management 14.5
oracle banking_electronic_data_exchange_for_corporates 14.5
oracle banking_liquidity_management 14.2
oracle banking_liquidity_management 14.5
oracle banking_origination 14.5
oracle banking_supply_chain_finance 14.5
oracle banking_trade_finance_process_management 14.5
oracle banking_virtual_account_management 14.5
oracle communications_cloud_native_core_automated_test_suite 1.9.0
oracle communications_cloud_native_core_automated_test_suite 22.1.0
oracle communications_cloud_native_core_console 1.9.0
oracle communications_cloud_native_core_console 22.1.0
oracle communications_cloud_native_core_network_exposure_function 22.1.0
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
oracle communications_cloud_native_core_network_function_cloud_native_environment 22.1.0
oracle communications_cloud_native_core_network_function_cloud_native_environment 22.1.2
oracle communications_cloud_native_core_network_repository_function 1.15.0
oracle communications_cloud_native_core_network_repository_function 22.1.0
oracle communications_cloud_native_core_network_slice_selection_function 1.8.0
oracle communications_cloud_native_core_network_slice_selection_function 22.1.0
oracle communications_cloud_native_core_policy 1.15.0
oracle communications_cloud_native_core_policy 22.1.0
oracle communications_cloud_native_core_policy 22.1.3
oracle communications_cloud_native_core_security_edge_protection_proxy 1.7.0
oracle communications_cloud_native_core_security_edge_protection_proxy 22.1.0
oracle communications_cloud_native_core_unified_data_repository 1.15.0
oracle communications_cloud_native_core_unified_data_repository 22.1.0
oracle communications_communications_policy_management 12.6.0.0.0
oracle financial_services_analytical_applications_infrastructure 8.1.1.0
oracle financial_services_analytical_applications_infrastructure 8.1.2.0
oracle financial_services_behavior_detection_platform 8.1.1.0
oracle financial_services_behavior_detection_platform 8.1.1.1
oracle financial_services_behavior_detection_platform 8.1.2.0
oracle financial_services_enterprise_case_management 8.1.1.0
oracle financial_services_enterprise_case_management 8.1.1.1
oracle financial_services_enterprise_case_management 8.1.2.0
oracle mysql_enterprise_monitor *
oracle product_lifecycle_analytics 3.6.1.0
oracle retail_xstore_point_of_service 20.0.1
oracle retail_xstore_point_of_service 21.0.0
oracle sd-wan_edge 9.0
oracle sd-wan_edge 9.1
To clipboard 

{
  "cisaActionDue": "2022-09-15",
  "cisaExploitAdd": "2022-08-25",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:spring_cloud_function:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "905988BB-71EE-49CE-A73C-FBD4488299D2",
              "versionEndIncluding": "3.1.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_cloud_function:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43C88657-BCAC-40EB-83EB-2FF70F9173A0",
              "versionEndIncluding": "3.2.2",
              "versionStartIncluding": "3.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:banking_branch:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAE9DFCA-E0C2-420D-86D7-5593F12EE945",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_cash_management:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "626C6209-8BC3-4954-BF0C-51500582457E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EE231C5-8BF0-48F4-81EF-7186814664CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AA5FF83-B693-4DAB-B585-0FD641266231",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_electronic_data_exchange_for_corporates:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B6968A-9EB3-46B6-9BD4-735EFED3F869",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_liquidity_management:14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7FC2BF9-B6D7-420E-9CF5-21AB770B9CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_liquidity_management:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D5A1417-2C59-431F-BF5C-A2BCFEBC95FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_origination:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D6889DD-D320-470C-BA94-165AC79A3AD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "45AB3A29-0994-46F4-8093-B4A9CE0BD95F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA4A9041-B9BC-451C-B1BD-4E2FD795BF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2696CD1-9514-405D-A3B3-8308EC1FA571",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4CA84D6-F312-4C29-A02B-050FCB7A902B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DF6C109-E3D3-431C-8101-2FF88763CF5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5BB2213-08E7-497F-B672-556FD682D122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E24426EE-6A3F-413E-A70A-FB98CCD007A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A5B24D-BDF2-423C-98EA-A40778C01A05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04E6C8E9-2024-496C-9BFD-4548A5B44E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E3221BB-E48E-4B28-B84F-C888EE802A17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F60E32F-0CA0-4C2D-9848-CB92765A9ACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B61A7946-F554-44A9-9E41-86114E4B4914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AA09838-BF13-46AC-BB97-A69F48B73A8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6577F14-36B6-46A5-A1B1-FCCADA61A23B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4367D9B-BF81-47AD-A840-AC46317C774D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0425918A-03F1-4541-BDEF-55B03E07E115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B0C905A-EA99-4B4E-A350-7F6A63CD6EB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D235B299-9A0E-44FF-84F1-2FFBC070A21D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6EAA723-2A23-4151-930B-86ACF9CC1C0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C2E50B0-64B6-4696-9213-F5D9016058A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "570DB369-A31B-4108-A7FD-09F674129603",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CC69CF0-6269-40F5-871B-16CFD5EC4C45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "172BECE8-9626-4910-AAA1-A2FA9C7139E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4B3A10E-70A8-4332-8567-06AE2C45D3C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "059F0D4E-B007-4986-AB95-89F11147CB2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CAC78AD-86BB-4F06-B8CF-8E1329987F2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "44563108-AD89-49A0-9FA5-7DE5A5601D2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA5DC3F-E7D8-45E3-8114-2213EC631CDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "078AEFC0-96DA-4F50-BE8E-8360718103A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747",
              "versionEndIncluding": "8.0.29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0531C009-B395-4E94-A5F0-A89A152E706B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69FB468-EAF3-4E67-95E7-DF92C281C1F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AB16F34-D561-498F-A8C3-A24A47BCEBC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "77E39D5C-5EFA-4FEB-909E-0A92004F2563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06816711-7C49-47B9-A9D7-FB18CC3F42F2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources."
    },
    {
      "lang": "es",
      "value": "En Spring Cloud Function versiones 3.1.6, 3.2.2 y versiones anteriores no soportadas, cuando es usada la funcionalidad routing es posible que un usuario proporcione un SpEL especialmente dise\u00f1ado como expresi\u00f3n de enrutamiento que puede resultar en la ejecuci\u00f3n de c\u00f3digo remota y el acceso a recursos locales"
    }
  ],
  "id": "CVE-2022-22963",
  "lastModified": "2025-10-30T19:56:53.730",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-04-01T23:15:13.663",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tanzu.vmware.com/security/cve-2022-22963"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tanzu.vmware.com/security/cve-2022-22963"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22963"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "security@vmware.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-917"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.