www.cve.org
18.239.18.110  Public Scan

URL: https://www.cve.org/CVERecord?id=CVE-2022-22965
Submission: On June 17 via api from BY — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content


CVE-2022-22965

PUBLISHED

Assigner: VMware

Published: 2022-04-01

Updated: 2022-07-25

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable
to remote code execution (RCE) via data binding. The specific exploit requires
the application to run on Tomcat as a WAR deployment. If the application is
deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable
to the exploit. However, the nature of the vulnerability is more general, and
there may be other ways to exploit it.


PRODUCT STATUS

Vendor: n/a

Product: Spring Framework

Versions (Default Status: unknown):

 * affected at Spring Framework versions 5.3.X prior to 5.3.18+, 5.2.x prior to
   5.2.20+ and all old and unsupported versions 


REFERENCES

 * https://tanzu.vmware.com/security/cve-2022-22965
 * tools.cisco.com: 20220401 Vulnerability in Spring Framework Affecting Cisco
   Products: March 2022 (vendor-advisory)
 * https://www.oracle.com/security-alerts/cpuapr2022.html
 * https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005
 * http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html
 * https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf
 * https://www.oracle.com/security-alerts/cpujul2022.html
 * http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html

View additional information about CVE-2022-22965 on NVD.

(Note: The NVD is not operated by the CVE Program)

Use of the CVE® List and the associated references from this website are subject
to the terms of use. CVE is sponsored by the U.S. Department of Homeland
Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA).
Copyright © 1999-2024, The MITRE Corporation. CVE and the CVE logo are
registered trademarks of The MITRE Corporation.