In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is in the KEV database since May 16, 2022.

Exploitation active

Automatable yes

Technical Impact total

Affected Vendors & Products

Vendors Products
Oracle
  • Commerce Guided Search
  • Communications Cloud Native Core Binding Support Function
  • Communications Cloud Native Core Console
  • Communications Cloud Native Core Network Exposure Function
  • Communications Cloud Native Core Network Function Cloud Native Environment
  • Communications Cloud Native Core Network Repository Function
  • Communications Cloud Native Core Network Slice Selection Function
  • Communications Cloud Native Core Security Edge Protection Proxy
  • Communications Cloud Native Core Service Communication Proxy
Vmware
  • Spring Cloud Gateway

Configuration 1 [-]

OR cpe:2.3:a:vmware:spring_cloud_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_cloud_gateway:3.1.0:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_console:22.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*

No data.

References
Link Providers
http://packetstormsecurity.com/files/166219/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html cve-icon cve-icon
http://packetstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html cve-icon cve-icon
https://tanzu.vmware.com/security/cve-2022-22947 cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuapr2022.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpujul2022.html cve-icon cve-icon
History

Wed, 29 Jan 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2022-05-16'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: vmware

Published:

Updated: 2025-01-29T17:54:00.963Z

Reserved: 2022-01-10T00:00:00.000Z

Link: CVE-2022-22947

cve-icon Vulnrichment

Updated: 2024-08-03T03:28:42.449Z

cve-icon NVD

Status : Analyzed

Published: 2022-03-03T22:15:08.673

Modified: 2025-03-13T15:40:47.357

Link: CVE-2022-22947

cve-icon Redhat

No data.