A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is in the KEV database since April 4, 2022.

The EPSS score is 0.94464.

Exploitation active

Automatable yes

Technical Impact total

Affected Vendors & Products

Vendors Products
Cisco
  • Cx Cloud Agent
Oracle
  • Commerce Platform
  • Communications Cloud Native Core Automated Test Suite
  • Communications Cloud Native Core Binding Support Function
  • Communications Cloud Native Core Console
  • Communications Cloud Native Core Network Exposure Function
  • Communications Cloud Native Core Network Function Cloud Native Environment
  • Communications Cloud Native Core Network Repository Function
  • Communications Cloud Native Core Network Slice Selection Function
  • Communications Cloud Native Core Policy
  • Communications Cloud Native Core Security Edge Protection Proxy
  • Communications Cloud Native Core Unified Data Repository
  • Communications Policy Management
  • Communications Unified Inventory Management
  • Financial Services Analytical Applications Infrastructure
  • Financial Services Behavior Detection Platform
  • Financial Services Enterprise Case Management
  • Jdk
  • Mysql Enterprise Monitor
  • Product Lifecycle Analytics
  • Retail Bulk Data Integration
  • Retail Customer Management And Segmentation Foundation
  • Retail Financial Integration
  • Retail Integration Bus
  • Retail Merchandising System
  • Retail Xstore Point Of Service
  • Sd-wan Edge
  • Weblogic Server
Redhat
  • Amq Broker
  • Camel Quarkus
  • Integration
  • Jboss Enterprise Bpms Platform
  • Jboss Enterprise Brms Platform
  • Jboss Fuse
Siemens
  • Operation Scheduler
  • Simatic Speech Assistant For Machines
  • Sinec Network Management System
  • Sipass Integrated
  • Siveillance Identity
Veritas
  • Access Appliance
  • Flex Appliance
  • Netbackup Appliance
  • Netbackup Flex Scale Appliance
  • Netbackup Virtual Appliance
Vmware
  • Spring Framework

Configuration 1 [-]

AND
OR cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:cisco:cx_cloud_agent:*:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*
cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*
cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*
cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*
cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*
cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*
cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_flex_scale_appliance:2.1:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_flex_scale_appliance:3.0:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*

Configuration 6 [-]

OR cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_speech_assistant_for_machines:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_network_management_system:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*

Configuration 7 [-]

OR cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
CEQ 2.2.1-1 (CVE-2022-22965)
spring-beans cpe:/a:redhat:camel_quarkus:2.2.1 RHSA-2022:1306 2022-04-11T00:00:00Z
Red Hat AMQ 7.8.6
spring-webmvc cpe:/a:redhat:amq_broker:7 RHSA-2022:1626 2022-04-27T00:00:00Z
Red Hat AMQ 7.9.4
spring-webmvc cpe:/a:redhat:amq_broker:7 RHSA-2022:1627 2022-04-27T00:00:00Z
Red Hat Fuse 7.10.2
spring-webmvc cpe:/a:redhat:jboss_fuse:7 RHSA-2022:1360 2022-04-13T00:00:00Z
RHDM 7.12.1 async
spring-webmvc cpe:/a:redhat:jboss_enterprise_brms_platform:7.12 RHSA-2022:1379 2022-04-14T00:00:00Z
RHINT Camel-K 1.6.5
spring-beans cpe:/a:redhat:integration:1 RHSA-2022:1333 2022-04-12T00:00:00Z
RHPAM 7.12.1 async
spring-webmvc cpe:/a:redhat:jboss_enterprise_bpms_platform:7.12 RHSA-2022:1378 2022-04-14T00:00:00Z

No data.

References
Link Providers
http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html cve-icon cve-icon
http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html cve-icon cve-icon
https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-22965 cve-icon
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005 cve-icon cve-icon
https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement cve-icon
https://tanzu.vmware.com/security/cve-2022-22965 cve-icon cve-icon cve-icon
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67 cve-icon cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-22965 cve-icon
https://www.cyberkendra.com/2022/03/spring4shell-details-and-exploit-code.html cve-icon
https://www.kb.cert.org/vuls/id/970766 cve-icon
https://www.oracle.com/security-alerts/cpuapr2022.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpujul2022.html cve-icon cve-icon
https://www.praetorian.com/blog/spring-core-jdk9-rce/ cve-icon
History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.94464}

 epss

{'score': 0.94487}

Wed, 29 Jan 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2022-04-04'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Fri, 18 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Oracle jdk
CPEs cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*
Vendors & Products Oracle jdk

Wed, 14 Aug 2024 01:00:00 +0000

Type Values Removed Values Added
References
cve-icon MITRE

Status: PUBLISHED

Assigner: vmware

Published:

Updated: 2025-07-30T01:37:44.685Z

Reserved: 2022-01-10T00:00:00.000Z

Link: CVE-2022-22965

cve-icon Vulnrichment

Updated: 2024-08-03T03:28:42.725Z

cve-icon NVD

Status : Analyzed

Published: 2022-04-01T23:15:13.870

Modified: 2025-04-10T16:56:46.083

Link: CVE-2022-22965

cve-icon Redhat

Severity : Important

Publid Date: 2022-03-30T00:00:00Z

Links: CVE-2022-22965 - Bugzilla

cve-icon OpenCVE Enrichment

No data.