CVE-2022-22965 - OpenCVE

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Oracle	Mysql Enterprise Monitor Financial Services Enterprise Case Management Communications Cloud Native Core Automated Test Suite Retail Merchandising System Retail Integration Bus Retail Customer Management And Segmentation Foundation Communications Cloud Native Core Policy Retail Xstore Point Of Service Communications Policy Management Communications Cloud Native Core Security Edge Protection Proxy Communications Cloud Native Core Binding Support Function Weblogic Server Retail Financial Integration Communications Unified Inventory Management Communications Cloud Native Core Unified Data Repository Product Lifecycle Analytics Communications Cloud Native Core Network Repository Function Retail Bulk Data Integration Communications Cloud Native Core Console Commerce Platform Financial Services Behavior Detection Platform Communications Cloud Native Core Network Exposure Function Communications Cloud Native Core Network Slice Selection Function Communications Cloud Native Core Network Function Cloud Native Environment Sd-wan Edge Financial Services Analytical Applications Infrastructure
Cisco	Cx Cloud Agent
Veritas	Netbackup Virtual Appliance Access Appliance Netbackup Flex Scale Appliance Flex Appliance Netbackup Appliance
Siemens	Siveillance Identity Sinec Network Management System Operation Scheduler Sipass Integrated Simatic Speech Assistant For Machines
Vmware	Spring Framework

Configuration 1 [-]

OR	cpe:2.3:a:vmware:spring_framework::::::::
	cpe:2.3:a:vmware:spring_framework::::::::

Configuration 2 [-]

cpe:2.3:a:cisco:cx_cloud_agent:*:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.15.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:::::::*
	cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:::::::*
	cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:::::::*
	cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:::::::*
	cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:::::::*
	cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:::::::*
	cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::
	cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:::::::*
	cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:::::::*
	cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.0:::::::*
	cpe:2.3:a:oracle:sd-wan_edge:9.0:::::::*
	cpe:2.3:a:oracle:sd-wan_edge:9.1:::::::*
	cpe:2.3:a:siemens:operation_scheduler::::::::
	cpe:2.3:a:siemens:sipass_integrated:2.80:::::::*
	cpe:2.3:a:siemens:sipass_integrated:2.85:::::::*
	cpe:2.3:a:siemens:siveillance_identity:1.5:::::::*
	cpe:2.3:a:siemens:siveillance_identity:1.6:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:veritas:access_appliance:7.4.3:::::::*
	cpe:2.3:a:veritas:access_appliance:7.4.3.100:::::::*
	cpe:2.3:a:veritas:access_appliance:7.4.3.200:::::::*

Configuration 5 [-]

OR	cpe:2.3:a:veritas:access_appliance:7.4.3:::::::*
	cpe:2.3:a:veritas:access_appliance:7.4.3.100:::::::*
	cpe:2.3:a:veritas:access_appliance:7.4.3.200:::::::*
	cpe:2.3:a:veritas:flex_appliance:1.3:::::::*
	cpe:2.3:a:veritas:flex_appliance:2.0:::::::*
	cpe:2.3:a:veritas:flex_appliance:2.0.1:::::::*
	cpe:2.3:a:veritas:flex_appliance:2.0.2:::::::*
	cpe:2.3:a:veritas:flex_appliance:2.1:::::::*
	cpe:2.3:a:veritas:netbackup_flex_scale_appliance:2.1:::::::*
	cpe:2.3:a:veritas:netbackup_flex_scale_appliance:3.0:::::::*
	cpe:2.3:h:veritas:netbackup_appliance:4.0:::::::*
	cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1::::::
	cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2::::::
	cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3::::::
	cpe:2.3:h:veritas:netbackup_appliance:4.1:::::::*
	cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1::::::
	cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2::::::
	cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0:::::::*
	cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release1::::::
	cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release2::::::
	cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release3::::::
	cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1:::::::*
	cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release1::::::
	cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release2::::::

Configuration 6 [-]

OR	cpe:2.3:a:siemens:operation_scheduler::::::::
	cpe:2.3:a:siemens:simatic_speech_assistant_for_machines::::::::
	cpe:2.3:a:siemens:sinec_network_management_system::::::::
	cpe:2.3:a:siemens:sipass_integrated:2.80:::::::*
	cpe:2.3:a:siemens:sipass_integrated:2.85:::::::*
	cpe:2.3:a:siemens:siveillance_identity:1.5:::::::*
	cpe:2.3:a:siemens:siveillance_identity:1.6:::::::*

Configuration 7 [-]

OR	cpe:2.3:a:oracle:commerce_platform:11.3.2:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:::::::*
	cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*
	cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*
	cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:::::::*
	cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3:::::::*
	cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:::::::*
	cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:::::::*
	cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:::::::*
	cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:::::::*
	cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:::::::*
	cpe:2.3:a:oracle:retail_financial_integration:16.0.3:::::::*
	cpe:2.3:a:oracle:retail_financial_integration:19.0.1:::::::*
	cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:::::::*
	cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:::::::*
	cpe:2.3:a:oracle:retail_integration_bus:16.0.3:::::::*
	cpe:2.3:a:oracle:retail_integration_bus:19.0.1:::::::*
	cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:::::::*
	cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:::::::*
	cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*

References

Link	Resource
http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html	Third Party Advisory VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf	Patch Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005	Third Party Advisory
https://tanzu.vmware.com/security/cve-2022-22965	Mitigation Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67	Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html	Patch Third Party Advisory