Lucene search

akamaiblogAkamai Threat Research TeamAKAMAIBLOG:8B6AA3E3035869AEAE3021AB3F1EFE32
HistoryMar 31, 2022 - 7:30 p.m.

Spring Cloud Function SpEL Injection (CVE-2022-22963) Exploited in the Wild

Akamai Threat Research Team

Although Spring Cloud Functions are not as widespread as the Log4j library, and should provide a good separation from the hosting server, some draw the line between the two, due to the ease of exploitation over HTTP/s. This new vulnerability will definitely result in many threat actors launching campaigns for crypto-mining, ddos, ransomware, and as a golden ticket to break into organizations for the next years to come.