Show plain JSON{"cisaActionDue": "2022-04-25", "cisaExploitAdd": "2022-04-04", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Spring Framework JDK 9+ Remote Code Execution Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "7417ECB4-3391-4273-9DAF-C9C82220CEA8", "versionEndExcluding": "5.2.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "5049322E-FFAA-4CAA-B794-63539EA4E6D7", "versionEndExcluding": "5.3.18", "versionStartIncluding": "5.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "19F22333-401B-4DB1-A63D-622FA54C2BA9", "versionStartIncluding": "9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:cx_cloud_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "0DA44823-E5F1-4922-BCCA-13BEB49C017B", "versionEndExcluding": "2.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "A4CA84D6-F312-4C29-A02B-050FCB7A902B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2DF6C109-E3D3-431C-8101-2FF88763CF5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B5BB2213-08E7-497F-B672-556FD682D122", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E24426EE-6A3F-413E-A70A-FB98CCD007A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C2A5B24D-BDF2-423C-98EA-A40778C01A05", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "04E6C8E9-2024-496C-9BFD-4548A5B44E2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "6F60E32F-0CA0-4C2D-9848-CB92765A9ACB", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B61A7946-F554-44A9-9E41-86114E4B4914", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "3AA09838-BF13-46AC-BB97-A69F48B73A8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "D163AA57-1D66-4FBF-A8BB-F13E56E5C489", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D6577F14-36B6-46A5-A1B1-FCCADA61A23B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "B4367D9B-BF81-47AD-A840-AC46317C774D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0425918A-03F1-4541-BDEF-55B03E07E115", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D235B299-9A0E-44FF-84F1-2FFBC070A21D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "C6EAA723-2A23-4151-930B-86ACF9CC1C0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C2E50B0-64B6-4696-9213-F5D9016058A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "02AEDB9F-1040-4840-ACB6-8BF299886ACB", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "41C2C67B-BF55-4B48-A94D-1F37A4FAC68C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "172BECE8-9626-4910-AAA1-A2FA9C7139E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A4B3A10E-70A8-4332-8567-06AE2C45D3C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "059F0D4E-B007-4986-AB95-89F11147CB2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6CAC78AD-86BB-4F06-B8CF-8E1329987F2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "44563108-AD89-49A0-9FA5-7DE5A5601D2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCA5DC3F-E7D8-45E3-8114-2213EC631CDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "078AEFC0-96DA-4F50-BE8E-8360718103A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "7ECCD8C1-C055-4958-A613-B6D1609687F1", "versionEndExcluding": "8.0.29", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F978162-CB2C-4166-947A-9048C6E878BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A69FB468-EAF3-4E67-95E7-DF92C281C1F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8AB16F34-D561-498F-A8C3-A24A47BCEBC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "77E39D5C-5EFA-4FEB-909E-0A92004F2563", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "06816711-7C49-47B9-A9D7-FB18CC3F42F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*", "matchCriteriaId": "435B691D-C763-4692-A46A-3422FA821ACF", "versionEndExcluding": "2.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*", "matchCriteriaId": "83E77D85-0AE8-41D6-AC0C-983A8B73C831", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*", "matchCriteriaId": "02B28A44-3708-480D-9D6D-DDF8C21A15EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "9772EE3F-FFC5-4611-AD9A-8AD8304291BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "CF524892-278F-4373-A8A3-02A30FA1AFF4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "26CDB573-611F-403C-9E9F-2A929B7B9602", "vulnerable": true}, {"criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*", "matchCriteriaId": "E84BF8E9-9AB8-4591-9760-C9B727FD0BA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*", "matchCriteriaId": "2605B356-2BDE-45B2-AAB3-55236E163588", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "26CDB573-611F-403C-9E9F-2A929B7B9602", "vulnerable": true}, {"criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*", "matchCriteriaId": "E84BF8E9-9AB8-4591-9760-C9B727FD0BA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*", "matchCriteriaId": "2605B356-2BDE-45B2-AAB3-55236E163588", "vulnerable": true}, {"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307", "vulnerable": true}, {"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33", "vulnerable": true}, {"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:veritas:netbackup_flex_scale_appliance:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "66B1DC73-8B4C-418B-96A7-17C35E9164CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:veritas:netbackup_flex_scale_appliance:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "48E6CF01-79F1-4E56-BB3C-02AE544876E4", "vulnerable": true}, {"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "62D12B2A-0167-4010-888E-30BB96DBA3F4", "vulnerable": true}, {"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*", "matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00", "vulnerable": true}, {"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*", "matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504", "vulnerable": true}, {"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*", "matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E", "vulnerable": true}, {"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "F91A353F-6BEE-423E-BB6A-413C2C03D313", "vulnerable": true}, {"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*", "matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B", "vulnerable": true}, {"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*", "matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0", "vulnerable": true}, {"criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "C3F72DF7-C2C6-4009-82D8-462714D80DF5", "vulnerable": true}, {"criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*", "matchCriteriaId": "A5C4BAEE-EAAE-46F6-A275-330EE41CF1F7", "vulnerable": true}, {"criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*", "matchCriteriaId": "5311A3B2-E1C7-4816-B1DD-F0166C65F5A3", "vulnerable": true}, {"criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*", "matchCriteriaId": "ED4BC39F-2A18-4F2D-B5A6-A1590D220611", "vulnerable": true}, {"criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "8E5BC47D-DD3A-4CE1-B313-18C9547E89EF", "vulnerable": true}, {"criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*", "matchCriteriaId": "63459D69-EC29-49A6-9577-A48B63C63063", "vulnerable": true}, {"criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*", "matchCriteriaId": "7B20A490-3398-4B36-9630-98CADC801E9E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*", "matchCriteriaId": "435B691D-C763-4692-A46A-3422FA821ACF", "versionEndExcluding": "2.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_speech_assistant_for_machines:*:*:*:*:*:*:*:*", "matchCriteriaId": "D035FB7D-36A5-439E-9992-DE255F020AB5", "versionEndExcluding": "1.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:sinec_network_management_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D14E8FC-464B-414D-AE56-C20FF46E25FB", "versionEndExcluding": "1.0.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*", "matchCriteriaId": "83E77D85-0AE8-41D6-AC0C-983A8B73C831", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*", "matchCriteriaId": "02B28A44-3708-480D-9D6D-DDF8C21A15EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "9772EE3F-FFC5-4611-AD9A-8AD8304291BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "CF524892-278F-4373-A8A3-02A30FA1AFF4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "8CDE72F7-ED9D-4A53-BF63-DF6711FFDEF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6EDB6772-7FDB-45FF-8D72-952902A7EE56", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "0EBC7EB1-FD72-4BFC-92CC-7C8B8E462D7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3486C85C-57BC-433F-941C-E81539DA5C1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7FBF5C7-EC73-4CE4-8CB7-E9CF5705DB25", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*", "matchCriteriaId": "36E16AEF-ACEB-413C-888C-8D250F65C180", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*", "matchCriteriaId": "9EFAEA84-E376-40A2-8C9F-3E0676FEC527", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "798E4FEE-9B2B-436E-A2B3-B8AA1079892A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "6B042849-7EF5-4A5F-B6CD-712C0B8735BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7435071D-0C95-4686-A978-AFC4C9A0D0FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "8CFCE558-9972-46A2-8539-C16044F1BAA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "822A3C37-86F2-4E91-BE91-2A859F983941", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BD311C33-A309-44D5-BBFB-539D72C7F8C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F8383028-B719-41FD-9B6A-71F8EB4C5F8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it."}, {"lang": "es", "value": "Una aplicaci\u00f3n Spring MVC o Spring WebFlux que es ejecutada en JDK 9+ puede ser vulnerable a la ejecuci\u00f3n de c\u00f3digo remota (RCE) por medio de una vinculaci\u00f3n de datos. La explotaci\u00f3n espec\u00edfica requiere que la aplicaci\u00f3n sea ejecutada en Tomcat como un despliegue WAR. Si la aplicaci\u00f3n es desplegada como un jar ejecutable de Spring Boot, es decir, por defecto, no es vulnerable a la explotaci\u00f3n. Sin embargo, la naturaleza de la vulnerabilidad es m\u00e1s general, y puede haber otras formas de explotarla"}], "id": "CVE-2022-22965", "lastModified": "2025-01-29T18:15:44.133", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-04-01T23:15:13.870", "references": [{"source": "security@vmware.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html"}, {"source": "security@vmware.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html"}, {"source": "security@vmware.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf"}, {"source": "security@vmware.com", "tags": ["Third Party Advisory"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"}, {"source": "security@vmware.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://tanzu.vmware.com/security/cve-2022-22965"}, {"source": "security@vmware.com", "tags": ["Third Party Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67"}, {"source": "security@vmware.com", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "security@vmware.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://tanzu.vmware.com/security/cve-2022-22965"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.kb.cert.org/vuls/id/970766"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security@vmware.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}