var-202203-1506
Vulnerability from variot

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. The Spring Framework insecurely handles PropertyDescriptor objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.CVE-2022-22965 AffectedCVE-2022-22965 Affected. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Description:

A micro version update (from 1.6.4 to 1.6.5) is now available for Red Hat Camel K that includes CVE fixes in the base images, which are documented in the Release Notes document linked in the References section. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Installation instructions are available from the Fuse 7.10 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/

  1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat Decision Manager 7.12.1 security update Advisory ID: RHSA-2022:1379-01 Product: Red Hat Decision Manager Advisory URL: https://access.redhat.com/errata/RHSA-2022:1379 Issue date: 2022-04-14 CVE Names: CVE-2022-22965 ==================================================================== 1. Summary:

An update is now available for Red Hat Decision Manager.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Description:

Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and business optimization for solving planning problems. It automates business decisions and makes that logic available to the entire business.

This asynchronous security patch is an update to Red Hat Decision Manager 7.

Security Fix(es):

  • spring-webmvc: spring-framework: RCE via Data Binding on JDK 9+ (CVE-2022-22965)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This release upgrades Spring to 5.3.18 and Spring Boot to 2.6.6 which fixes the Spring MVC and WebFlux jars.

For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.

The References section of this erratum contains a download link (you must log in to download the update).

  1. Bugs fixed (https://bugzilla.redhat.com/):

2070348 - CVE-2022-22965 spring-framework: RCE via Data Binding on JDK 9+

  1. References:

https://access.redhat.com/security/cve/CVE-2022-22965 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/security/vulnerabilities/RHSB-2022-003 https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=rhdm&version=7.12.1

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBYlidHNzjgjWX9erEAQhBihAApV3yXc8aEuRq9fMKL4EnxKcmHt9dgnX2 /Xsdp+isSEvWlE+TC/Ou0tptT1ZPfO3Adm/bXbsboaiq790W+aF8qHEYuA+WxtRW RY9cx4AS/QfRo+puk36QAWUSEx4WzKeU1no/5A7hezcPxIEGP+EdSX4DgDaVW9mB CZndXwiYAzLyYgVFI/y5AJP8CPZTvwFjdunOBDwqqNsKiVgFOjqHMJo/X+yus4bU aFF0BAsA0OVCrjdnWV0fUqF1iON8cbELW7JqkGobM22PZZ6ngxzTXUTbvD1QovLM Cbj2Ay7l7DHH/3v9Hqk7NLpzp/fa9Z/lQ5c+3okHu0QvanphRllsC893/KGGMXfa 7+S3iWFKV2cJ2249z01eZgX30s7rlSlFRTB9hUlitWLiYaMkWWW0iqt0+2cPkjDv zP0hy1pYCyCFLluS85FVqW/9HBItNwReuXp9Vv3JqDy8L5+DIVv4WmSYcr4LCcj2 EC5WsIjNW7G4dL0RCukt+HascGTD+huNbzsrDuln4vQJ2HG+4vmH7Cmmlr4MvpHD Bw4BW6UI8a09axvbUVi2x+w1qTTdiO9J1x4ngaFKjbvItNpT3VRB3YfLcPck1Zv6 DCEC2g11LdPnO2JR5M6t2eMsFlkfLDtqDFotVVzGLBXQWj7I5R2YK+OPrEF2dnXD Pjhf0e6lKl4=xaz4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:

AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to in the References section

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202203-1506",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "communications cloud native core network function cloud native environment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.0"
      },
      {
        "model": "retail merchandising system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.0.1"
      },
      {
        "model": "communications cloud native core console",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.9.0"
      },
      {
        "model": "communications cloud native core network slice selection function",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.15.0"
      },
      {
        "model": "siveillance identity",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.6"
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.6.0.0.0"
      },
      {
        "model": "financial services enterprise case management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1.1.1"
      },
      {
        "model": "financial services behavior detection platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1.1.0"
      },
      {
        "model": "communications unified inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.5.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.0.1"
      },
      {
        "model": "flex appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "2.0.2"
      },
      {
        "model": "access appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "7.4.3.200"
      },
      {
        "model": "spring framework",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "5.3.18"
      },
      {
        "model": "communications unified inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.4.2"
      },
      {
        "model": "retail financial integration",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.3.1"
      },
      {
        "model": "communications cloud native core security edge protection proxy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "netbackup appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "4.0"
      },
      {
        "model": "netbackup flex scale appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "3.0"
      },
      {
        "model": "communications cloud native core policy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.0"
      },
      {
        "model": "financial services analytical applications infrastructure",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1.1"
      },
      {
        "model": "communications cloud native core unified data repository",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.0"
      },
      {
        "model": "financial services enterprise case management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1.2.0"
      },
      {
        "model": "commerce platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.3.2"
      },
      {
        "model": "retail customer management and segmentation foundation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.0"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "21.0.0"
      },
      {
        "model": "communications cloud native core network function cloud native environment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.10.0"
      },
      {
        "model": "cx cloud agent",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.1.0"
      },
      {
        "model": "communications unified inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.4.1"
      },
      {
        "model": "spring framework",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "5.3.0"
      },
      {
        "model": "flex appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "2.0"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "access appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "7.4.3"
      },
      {
        "model": "operation scheduler",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.0.4"
      },
      {
        "model": "netbackup appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "4.1"
      },
      {
        "model": "netbackup appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "4.0.0.1"
      },
      {
        "model": "siveillance identity",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.5"
      },
      {
        "model": "retail customer management and segmentation foundation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.0"
      },
      {
        "model": "product lifecycle analytics",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.6.1"
      },
      {
        "model": "financial services enterprise case management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1.1.0"
      },
      {
        "model": "communications cloud native core network repository function",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.0"
      },
      {
        "model": "netbackup virtual appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "4.1.0.1"
      },
      {
        "model": "communications cloud native core network repository function",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.15.0"
      },
      {
        "model": "flex appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "2.1"
      },
      {
        "model": "communications cloud native core binding support function",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.3"
      },
      {
        "model": "communications cloud native core automated test suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.9.0"
      },
      {
        "model": "netbackup flex scale appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "2.1"
      },
      {
        "model": "sd-wan edge",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.0"
      },
      {
        "model": "communications cloud native core security edge protection proxy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.3.1"
      },
      {
        "model": "retail financial integration",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.3"
      },
      {
        "model": "access appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "7.4.3.100"
      },
      {
        "model": "communications cloud native core network slice selection function",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.0"
      },
      {
        "model": "sipass integrated",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.80"
      },
      {
        "model": "retail customer management and segmentation foundation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.0"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1.1.0.0"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "20.0.1"
      },
      {
        "model": "sd-wan edge",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "communications cloud native core network exposure function",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.0"
      },
      {
        "model": "spring framework",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "5.2.20"
      },
      {
        "model": "retail financial integration",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1.3.2"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "financial services analytical applications infrastructure",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1.2.0"
      },
      {
        "model": "communications cloud native core policy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.15.0"
      },
      {
        "model": "communications cloud native core unified data repository",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.15.0"
      },
      {
        "model": "financial services behavior detection platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1.1.1"
      },
      {
        "model": "sinec network management system",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0.3"
      },
      {
        "model": "netbackup virtual appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "4.0"
      },
      {
        "model": "retail merchandising system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.3"
      },
      {
        "model": "communications cloud native core automated test suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.0"
      },
      {
        "model": "retail financial integration",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.0.1"
      },
      {
        "model": "communications cloud native core console",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.3"
      },
      {
        "model": "netbackup appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "4.1.0.1"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.29"
      },
      {
        "model": "flex appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "2.0.1"
      },
      {
        "model": "financial services behavior detection platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1.2.0"
      },
      {
        "model": "flex appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "1.3"
      },
      {
        "model": "netbackup virtual appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "4.1"
      },
      {
        "model": "netbackup virtual appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "4.0.0.1"
      },
      {
        "model": "sipass integrated",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.85"
      },
      {
        "model": "communications cloud native core network slice selection function",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.8.0"
      },
      {
        "model": "simatic speech assistant for machines",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.2.1"
      },
      {
        "model": "retail bulk data integration",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.3"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1.3.2"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22965"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.3.18",
                "versionStartIncluding": "5.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.2.20",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:cx_cloud_agent:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.0.29",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.0.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:veritas:netbackup_flex_scale_appliance:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:veritas:netbackup_flex_scale_appliance:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.0.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinec_network_management_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_speech_assistant_for_machines:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.2.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22965"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "This document was written by Will DormannWe have not received a statement from the vendor.",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#970766"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2022-22965",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-411825",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2022-22965",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-22965",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202203-2642",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202203-2514",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-411825",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-22965",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411825"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22965"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2642"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2514"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22965"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. The Spring Framework insecurely handles PropertyDescriptor objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.CVE-2022-22965 AffectedCVE-2022-22965 Affected. The purpose of this text-only errata is to inform you\nabout the security issues fixed in this release. Description:\n\nA micro version update (from 1.6.4 to 1.6.5) is now available for Red Hat\nCamel K that includes CVE fixes in the base images, which are documented in\nthe Release Notes document linked in the References section. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. \n\nInstallation instructions are available from the Fuse 7.10 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Low: Red Hat Decision Manager 7.12.1 security update\nAdvisory ID:       RHSA-2022:1379-01\nProduct:           Red Hat Decision Manager\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:1379\nIssue date:        2022-04-14\nCVE Names:         CVE-2022-22965\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Decision Manager. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and business optimization for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nThis asynchronous security patch is an update to Red Hat Decision Manager\n7. \n\nSecurity Fix(es):\n\n* spring-webmvc: spring-framework: RCE via Data Binding on JDK 9+\n(CVE-2022-22965)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. \n\nThis release upgrades Spring to 5.3.18 and Spring Boot to 2.6.6 which fixes\nthe Spring MVC and WebFlux jars. \n\nFor on-premise installations, before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2070348 - CVE-2022-22965 spring-framework: RCE via Data Binding on JDK 9+\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-22965\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2022-003\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=rhdm\u0026version=7.12.1\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYlidHNzjgjWX9erEAQhBihAApV3yXc8aEuRq9fMKL4EnxKcmHt9dgnX2\n/Xsdp+isSEvWlE+TC/Ou0tptT1ZPfO3Adm/bXbsboaiq790W+aF8qHEYuA+WxtRW\nRY9cx4AS/QfRo+puk36QAWUSEx4WzKeU1no/5A7hezcPxIEGP+EdSX4DgDaVW9mB\nCZndXwiYAzLyYgVFI/y5AJP8CPZTvwFjdunOBDwqqNsKiVgFOjqHMJo/X+yus4bU\naFF0BAsA0OVCrjdnWV0fUqF1iON8cbELW7JqkGobM22PZZ6ngxzTXUTbvD1QovLM\nCbj2Ay7l7DHH/3v9Hqk7NLpzp/fa9Z/lQ5c+3okHu0QvanphRllsC893/KGGMXfa\n7+S3iWFKV2cJ2249z01eZgX30s7rlSlFRTB9hUlitWLiYaMkWWW0iqt0+2cPkjDv\nzP0hy1pYCyCFLluS85FVqW/9HBItNwReuXp9Vv3JqDy8L5+DIVv4WmSYcr4LCcj2\nEC5WsIjNW7G4dL0RCukt+HascGTD+huNbzsrDuln4vQJ2HG+4vmH7Cmmlr4MvpHD\nBw4BW6UI8a09axvbUVi2x+w1qTTdiO9J1x4ngaFKjbvItNpT3VRB3YfLcPck1Zv6\nDCEC2g11LdPnO2JR5M6t2eMsFlkfLDtqDFotVVzGLBXQWj7I5R2YK+OPrEF2dnXD\nPjhf0e6lKl4=xaz4\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to\nin the References section",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22965"
      },
      {
        "db": "CERT/CC",
        "id": "VU#970766"
      },
      {
        "db": "VULHUB",
        "id": "VHN-411825"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22965"
      },
      {
        "db": "PACKETSTORM",
        "id": "166691"
      },
      {
        "db": "PACKETSTORM",
        "id": "166706"
      },
      {
        "db": "PACKETSTORM",
        "id": "166715"
      },
      {
        "db": "PACKETSTORM",
        "id": "166731"
      },
      {
        "db": "PACKETSTORM",
        "id": "166732"
      },
      {
        "db": "PACKETSTORM",
        "id": "166874"
      },
      {
        "db": "PACKETSTORM",
        "id": "166872"
      }
    ],
    "trust": 2.43
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-411825",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411825"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-22965",
        "trust": 3.9
      },
      {
        "db": "PACKETSTORM",
        "id": "166713",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "167011",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-254054",
        "trust": 1.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2022040109",
        "trust": 1.2
      },
      {
        "db": "CS-HELP",
        "id": "SB2022033109",
        "trust": 1.2
      },
      {
        "db": "CERT/CC",
        "id": "VU#970766",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "166691",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "166732",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "166874",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2642",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060811",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022070602",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060716",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022042734",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022042546",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060304",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022072038",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022071213",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022052302",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022042277",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022072087",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022041951",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022042126",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3155",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5097",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1844",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1636",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1593",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1444.8",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1674",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-286-05",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2514",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-411825",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22965",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166706",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166715",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166731",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166872",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#970766"
      },
      {
        "db": "VULHUB",
        "id": "VHN-411825"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22965"
      },
      {
        "db": "PACKETSTORM",
        "id": "166691"
      },
      {
        "db": "PACKETSTORM",
        "id": "166706"
      },
      {
        "db": "PACKETSTORM",
        "id": "166715"
      },
      {
        "db": "PACKETSTORM",
        "id": "166731"
      },
      {
        "db": "PACKETSTORM",
        "id": "166732"
      },
      {
        "db": "PACKETSTORM",
        "id": "166874"
      },
      {
        "db": "PACKETSTORM",
        "id": "166872"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2642"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2514"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22965"
      }
    ]
  },
  "id": "VAR-202203-1506",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411825"
      }
    ],
    "trust": 0.6314393799999999
  },
  "last_update_date": "2024-01-25T20:10:56.055000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Spring Framework Fixes for code injection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=187595"
      },
      {
        "title": "Red Hat: Low: Red Hat Process Automation Manager 7.12.1 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221378 - security advisory"
      },
      {
        "title": "Red Hat: Low: Red Hat Decision Manager 7.12.1 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221379 - security advisory"
      },
      {
        "title": "Red Hat: Low: Red Hat AMQ Broker 7.9.4 release and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221627 - security advisory"
      },
      {
        "title": "Red Hat: Low: Red Hat Fuse 7.10.2 release and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221360 - security advisory"
      },
      {
        "title": "Red Hat: Low: Red Hat Integration Camel-K 1.6.5 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221333 - security advisory"
      },
      {
        "title": "Red Hat: Low: Red Hat Integration Camel Extensions for Quarkus 2.2.1-1 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221306 - security advisory"
      },
      {
        "title": "Red Hat: Low: Red Hat AMQ Broker 7.8.6 release and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221626 - security advisory"
      },
      {
        "title": "IBM: Security Bulletin: IBM Cloud Pak for Business Automation is affected but not classified as vulnerable by a remote code execution in Spring Framework [CVE-2022-22965]",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e6cbc0e97f1832a63f66e10869253ecf"
      },
      {
        "title": "Cisco: Vulnerability in Spring Framework Affecting Cisco Products: March 2022",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-java-spring-rce-zx9guc67"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/coffeehb/spring4shell "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-22965"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2642"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411825"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22965"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.5,
        "url": "https://tanzu.vmware.com/security/cve-2022-22965"
      },
      {
        "trust": 2.9,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-java-spring-rce-zx9guc67"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/166713/spring4shell-code-execution.html"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/167011/spring4shell-spring-framework-class-property-remote-code-execution.html"
      },
      {
        "trust": 2.3,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 1.9,
        "url": "https://access.redhat.com/security/cve/cve-2022-22965"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2022-0005"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
      },
      {
        "trust": 1.2,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022040109"
      },
      {
        "trust": 1.2,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022033109"
      },
      {
        "trust": 0.8,
        "url": "cve-2022-22965  "
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2022-003"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22965"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "trust": 0.7,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.7,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1674"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022072038"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1593"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022042126"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-22965/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166874/red-hat-security-advisory-2022-1626-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022041951"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022042546"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060304"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166691/red-hat-security-advisory-2022-1306-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1844"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166732/red-hat-security-advisory-2022-1379-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022070602"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022071213"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022072087"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060716"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022042277"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1444.8"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022042734"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060811"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5097"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-286-05"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3155"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1636"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022052302"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q1"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_amq/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1306"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version=2022-q1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1333"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.10.2"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1360"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=rhpam\u0026downloadtype=securitypatches\u0026version=7.12.1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1378"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1379"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=rhdm\u0026version=7.12.1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.8.6"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1626"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1627"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.9.4"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#970766"
      },
      {
        "db": "VULHUB",
        "id": "VHN-411825"
      },
      {
        "db": "PACKETSTORM",
        "id": "166691"
      },
      {
        "db": "PACKETSTORM",
        "id": "166706"
      },
      {
        "db": "PACKETSTORM",
        "id": "166715"
      },
      {
        "db": "PACKETSTORM",
        "id": "166731"
      },
      {
        "db": "PACKETSTORM",
        "id": "166732"
      },
      {
        "db": "PACKETSTORM",
        "id": "166874"
      },
      {
        "db": "PACKETSTORM",
        "id": "166872"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2642"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2514"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22965"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#970766"
      },
      {
        "db": "VULHUB",
        "id": "VHN-411825"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22965"
      },
      {
        "db": "PACKETSTORM",
        "id": "166691"
      },
      {
        "db": "PACKETSTORM",
        "id": "166706"
      },
      {
        "db": "PACKETSTORM",
        "id": "166715"
      },
      {
        "db": "PACKETSTORM",
        "id": "166731"
      },
      {
        "db": "PACKETSTORM",
        "id": "166732"
      },
      {
        "db": "PACKETSTORM",
        "id": "166874"
      },
      {
        "db": "PACKETSTORM",
        "id": "166872"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2642"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2514"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22965"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-03-31T00:00:00",
        "db": "CERT/CC",
        "id": "VU#970766"
      },
      {
        "date": "2022-04-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-411825"
      },
      {
        "date": "2022-04-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22965"
      },
      {
        "date": "2022-04-11T17:36:49",
        "db": "PACKETSTORM",
        "id": "166691"
      },
      {
        "date": "2022-04-13T15:01:19",
        "db": "PACKETSTORM",
        "id": "166706"
      },
      {
        "date": "2022-04-13T22:20:55",
        "db": "PACKETSTORM",
        "id": "166715"
      },
      {
        "date": "2022-04-15T15:24:03",
        "db": "PACKETSTORM",
        "id": "166731"
      },
      {
        "date": "2022-04-15T15:24:12",
        "db": "PACKETSTORM",
        "id": "166732"
      },
      {
        "date": "2022-04-27T18:19:24",
        "db": "PACKETSTORM",
        "id": "166874"
      },
      {
        "date": "2022-04-27T18:18:11",
        "db": "PACKETSTORM",
        "id": "166872"
      },
      {
        "date": "2022-03-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202203-2642"
      },
      {
        "date": "2022-03-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202203-2514"
      },
      {
        "date": "2022-04-01T23:15:13.870000",
        "db": "NVD",
        "id": "CVE-2022-22965"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-05-19T00:00:00",
        "db": "CERT/CC",
        "id": "VU#970766"
      },
      {
        "date": "2023-02-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-411825"
      },
      {
        "date": "2023-02-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22965"
      },
      {
        "date": "2022-04-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202203-2642"
      },
      {
        "date": "2023-06-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202203-2514"
      },
      {
        "date": "2023-02-09T02:07:02.263000",
        "db": "NVD",
        "id": "CVE-2022-22965"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "166691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2514"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Spring Framework Code injection vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2642"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2514"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2642"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2514"
      }
    ],
    "trust": 1.2
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.