csaf_redhat - rhsa-2022:1291

RHSA-2022:1291

Vulnerability from csaf_redhat - Published: 2022-04-11 08:25 - Updated: 2025-11-21 18:29

Summary

Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.21.1

Notes

Topic

Release of OpenShift Serverless Client kn 1.21.1 Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat OpenShift Serverless Client kn 1.21.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.21.1. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Security Fix(es): * spring-cloud-function: Remote code execution by malicious Spring Expression (CVE-2022-22963) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Release of OpenShift Serverless Client kn 1.21.1\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Serverless Client kn 1.21.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.21.1. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.\n\nSecurity Fix(es):\n\n* spring-cloud-function: Remote code execution by malicious Spring Expression (CVE-2022-22963)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:1291",
        "url": "https://access.redhat.com/errata/RHSA-2022:1291"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-003",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-003"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index",
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index",
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index",
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index",
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index",
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index"
      },
      {
        "category": "external",
        "summary": "2070668",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070668"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1291.json"
      }
    ],
    "title": "Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.21.1",
    "tracking": {
      "current_release_date": "2025-11-21T18:29:48+00:00",
      "generator": {
        "date": "2025-11-21T18:29:48+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2022:1291",
      "initial_release_date": "2022-04-11T08:25:14+00:00",
      "revision_history": [
        {
          "date": "2022-04-11T08:25:14+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-04-11T08:25:14+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T18:29:48+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Serverless 1.0",
                "product": {
                  "name": "Red Hat OpenShift Serverless 1.0",
                  "product_id": "8Base-Openshift-Serverless-1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:serverless:1.0::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Serverless"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-serverless-clients-0:1.0.1-2.el8.src",
                "product": {
                  "name": "openshift-serverless-clients-0:1.0.1-2.el8.src",
                  "product_id": "openshift-serverless-clients-0:1.0.1-2.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-serverless-clients@1.0.1-2.el8?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-serverless-clients-0:1.0.1-2.el8.x86_64",
                "product": {
                  "name": "openshift-serverless-clients-0:1.0.1-2.el8.x86_64",
                  "product_id": "openshift-serverless-clients-0:1.0.1-2.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-serverless-clients@1.0.1-2.el8?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-serverless-clients-0:1.0.1-2.el8.ppc64le",
                "product": {
                  "name": "openshift-serverless-clients-0:1.0.1-2.el8.ppc64le",
                  "product_id": "openshift-serverless-clients-0:1.0.1-2.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-serverless-clients@1.0.1-2.el8?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-serverless-clients-0:1.0.1-2.el8.s390x",
                "product": {
                  "name": "openshift-serverless-clients-0:1.0.1-2.el8.s390x",
                  "product_id": "openshift-serverless-clients-0:1.0.1-2.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-serverless-clients@1.0.1-2.el8?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-clients-0:1.0.1-2.el8.ppc64le as a component of Red Hat OpenShift Serverless 1.0",
          "product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.0.1-2.el8.ppc64le"
        },
        "product_reference": "openshift-serverless-clients-0:1.0.1-2.el8.ppc64le",
        "relates_to_product_reference": "8Base-Openshift-Serverless-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-clients-0:1.0.1-2.el8.s390x as a component of Red Hat OpenShift Serverless 1.0",
          "product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.0.1-2.el8.s390x"
        },
        "product_reference": "openshift-serverless-clients-0:1.0.1-2.el8.s390x",
        "relates_to_product_reference": "8Base-Openshift-Serverless-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-clients-0:1.0.1-2.el8.src as a component of Red Hat OpenShift Serverless 1.0",
          "product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.0.1-2.el8.src"
        },
        "product_reference": "openshift-serverless-clients-0:1.0.1-2.el8.src",
        "relates_to_product_reference": "8Base-Openshift-Serverless-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-clients-0:1.0.1-2.el8.x86_64 as a component of Red Hat OpenShift Serverless 1.0",
          "product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.0.1-2.el8.x86_64"
        },
        "product_reference": "openshift-serverless-clients-0:1.0.1-2.el8.x86_64",
        "relates_to_product_reference": "8Base-Openshift-Serverless-1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-22963",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2022-03-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2070668"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Spring Cloud Function via the spring.cloud.function.routing-expression header that is modified by the attacker to contain malicious expression language code. The attacker is able to call functions that should not normally be accessible, including runtime exec calls.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "spring-cloud-function: Remote code execution by malicious Spring Expression",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.0.1-2.el8.ppc64le",
          "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.0.1-2.el8.s390x",
          "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.0.1-2.el8.src",
          "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.0.1-2.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-22963"
        },
        {
          "category": "external",
          "summary": "RHBZ#2070668",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070668"
        },
        {
          "category": "external",
          "summary": "RHSB-2022-003",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-003"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22963",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-22963"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22963",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22963"
        },
        {
          "category": "external",
          "summary": "https://tanzu.vmware.com/security/cve-2022-22963",
          "url": "https://tanzu.vmware.com/security/cve-2022-22963"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2022-03-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-04-11T08:25:14+00:00",
          "details": "See the Red Hat OpenShift Container Platform 4.6 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.9 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.10 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index",
          "product_ids": [
            "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.0.1-2.el8.ppc64le",
            "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.0.1-2.el8.s390x",
            "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.0.1-2.el8.src",
            "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.0.1-2.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:1291"
        },
        {
          "category": "workaround",
          "details": "Affected customers should update immediately as soon as patched software is available. There are no other mitigations available at this time.",
          "product_ids": [
            "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.0.1-2.el8.ppc64le",
            "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.0.1-2.el8.s390x",
            "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.0.1-2.el8.src",
            "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.0.1-2.el8.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.0.1-2.el8.ppc64le",
            "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.0.1-2.el8.s390x",
            "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.0.1-2.el8.src",
            "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.0.1-2.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2022-08-25T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "spring-cloud-function: Remote code execution by malicious Spring Expression"
    }
  ]
}

CVE-2022-22963 (GCVE-0-2022-22963)

Vulnerability from cvelistv5 – Published: 2022-04-01 00:00 – Updated: 2025-10-21 23:15

Summary

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

vmware

References

URL

Tags

	https://tanzu.vmware.com/security/cve-2022-22963
	https://tools.cisco.com/security/center/content/C…	vendor-advisory
	https://www.oracle.com/security-alerts/cpuapr2022.html
	https://psirt.global.sonicwall.com/vuln-detail/SN…
	https://www.oracle.com/security-alerts/cpujul2022.html
	http://packetstormsecurity.com/files/173430/Sprin…

Impacted products

	Vendor	Product	Version
	n/a	Spring Cloud Function	Affected: Spring Cloud Function versions 3.1.6, 3.2.2 and all old and unsupported versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:28:42.845Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://tanzu.vmware.com/security/cve-2022-22963"
          },
          {
            "name": "20220401 Vulnerability in Spring Cloud Function Framework Affecting Cisco Products: March 2022",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-22963",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-29T17:53:06.523275Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-08-25",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22963"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:15:42.941Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22963"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-08-25T00:00:00+00:00",
            "value": "CVE-2022-22963 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Cloud Function",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Spring  Cloud Function versions 3.1.6, 3.2.2 and all old and unsupported versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-13T00:00:00.000Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://tanzu.vmware.com/security/cve-2022-22963"
        },
        {
          "name": "20220401 Vulnerability in Spring Cloud Function Framework Affecting Cisco Products: March 2022",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-22963",
    "datePublished": "2022-04-01T00:00:00.000Z",
    "dateReserved": "2022-01-10T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:15:42.941Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2022:1291

CVE-2022-22963 (GCVE-0-2022-22963)

Tags

Sightings

Nomenclature