Lucene search
CiscoCISCO-SA-JAVA-SPRING-RCE-ZX9GUC67HistoryApr 01, 2022 - 11:45 p.m.
Vulnerability in Spring Framework Affecting Cisco Products: March 2022
2022-04-0123:45:00
tools.cisco.com
105
0.975 High
EPSS
Percentile
100.0%
On March 31, 2022, the following critical vulnerability in the Spring Framework affecting Spring MVC and Spring WebFlux applications running on JDK 9+ was released:
CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+
For a description of this vulnerability, see VMware Spring Framework Security Vulnerability Report [âhttps://tanzu.vmware.com/security/cve-2022-22965â].
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67 [âhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67â]
Affected configurations
Node
ciscoemergency_responderMatchany
ORciscounity_connectionMatchany
ORciscounified_communications_managerMatchany
ORciscounified_communications_manager_im_and_presence_serviceMatchany
ORciscoprime_license_managerMatchany
ORciscoprime_collaboration_deploymentMatchany
ORciscofirepower_management_centerMatchany
ORciscoevolved_programmable_network_managerMatchany
ORciscofirepower_threat_defense_softwareMatchany
ORciscoiot_field_network_directorMatchany
ORciscohyperflex_hx_data_platformMatchany
ORciscounity_connectionMatchany
ORciscoemergency_responderMatchany
ORciscounity_connectionMatchany
ORciscounified_communications_managerMatchany
ORciscounified_communications_manager_im_and_presence_serviceMatchany
ORciscoprime_license_managerMatchany
ORciscoprime_collaboration_deploymentMatchany
ORciscofirepower_management_centerMatchany
ORciscoevolved_programmable_network_managerMatchany
ORciscofirepower_threat_defense_softwareMatchany
ORciscoiot_field_network_directorMatchany
ORciscohyperflex_hx_data_platformMatchany
ORciscounity_connectionMatchany
Related
thn
thn
Security Patch Releases for Critical Zero-Day Bug in Java Spring Framework
2022-03-31 15:35:00
Watch Out! Cryptocurrency Miners Targeting Dockers, AWS and Alibaba Cloud
2022-04-22 09:30:00
talosblog
talosblog
Threat Advisory: Spring4Shell
2022-04-04 10:26:10
githubexploit
githubexploit
Exploit for Code Injection in Vmware Spring Framework
2022-04-01 12:18:29
Exploit for Code Injection in Vmware Spring Framework
2022-05-19 23:16:40
Exploit for Code Injection in Vmware Spring Framework
2022-11-28 14:34:51
nessus
nessus
Spring Framework Spring4Shell (CVE-2022-22965)
2022-04-06 00:00:00
Amazon Linux 2 : tomcat (ALASTOMCAT9-2023-004)
2023-09-27 00:00:00
RHEL 8 : spring-framework (Unpatched Vulnerability)
2024-05-11 00:00:00
trendmicroblog
trendmicroblog
redhat
redhat
(RHSA-2022:1627) Low: Red Hat AMQ Broker 7.9.4 release and security update
2022-04-27 09:45:16
(RHSA-2022:1626) Low: Red Hat AMQ Broker 7.8.6 release and security update
2022-04-27 09:45:11
(RHSA-2022:1333) Low: Red Hat Integration Camel-K 1.6.5 security update
2022-04-12 18:28:41
rapid7blog
rapid7blog
Itâs the Summer of AppSec: Q2 Improvements to Our Industry-Leading DAST and WAAP
2022-07-13 15:45:00
XSS in JSON: Old-School Attacks for Modern Applications
2022-05-04 15:48:03
Securing Your Applications Against Spring4Shell (CVE-2022-22965)
2022-04-01 22:26:36
ubuntucve
ubuntucve
CVE-2022-22965
2022-04-01 00:00:00
msrc
msrc
Microsoftâs Response to CVE-2022-22965 Spring Framework
2022-04-05 07:00:00
Microsoftâs Response to CVE-2022-22965 Spring Framework
2022-04-05 07:00:00
Microsoftâs Response to CVE-2022-22965 Spring Framework
2022-04-05 23:41:01
nuclei
nuclei
Spring - Remote Code Execution
2022-04-01 11:43:45
ibm
ibm
Security Bulletin: IBM Maximo For Civil infrastructure is vulnerable to a remote code execution in Spring Framework (CVE-2022-22965)
2022-04-11 15:15:01
redhatcve
redhatcve
CVE-2022-22965
2022-03-31 18:32:57
vmware
vmware
packetstorm
packetstorm
Spring4Shell Spring Framework Class Property Remote Code Execution
2022-05-10 00:00:00
vaadin
vaadin
Spring Core Remote Code Execution via Data Binding on JDK 9+
2022-04-01 00:00:00
openvas
openvas
cvelist
cvelist
CVE-2022-22965
2022-04-01 22:17:30
CVE-2022-43712
2023-07-26 00:00:00
nvd
nvd
CVE-2022-22965
2022-04-01 23:15:13
CVE-2022-43712
2023-07-26 14:15:09
attackerkb
attackerkb
CVE-2022-22965
2022-04-01 00:00:00
spring
spring
Spring Framework RCE, Mitigation Alternative
2022-04-01 11:49:00
Spring Framework Data Binding Rules Vulnerability (CVE-2022-22968)
2022-04-13 13:00:00
Spring Framework RCE, Early Announcement
2022-03-31 10:27:00
veracode
veracode
Remote Code Execution (RCE)
2022-03-31 00:56:39
osv
osv
Remote Code Execution in Spring Framework
2022-03-31 18:30:50
CVE-2022-22965
2022-04-01 23:15:13
prion
prion
Remote code execution
2022-04-01 23:15:00
Design/Logic Flaw
2023-07-26 14:15:00
debiancve
debiancve
CVE-2022-22965
2022-04-01 23:15:13
hivepro
hivepro
RCE Spring Framework Zero-Day vulnerability âSpring4Shellâ
2022-04-12 02:21:11
Weekly Threat Digest: 4 â 10 April 2022
2022-04-13 06:34:35
Weekly Threat Digest: 28 March â 3 April 2022
2022-04-05 10:11:43
cloudfoundry
cloudfoundry
checkpoint_advisories
checkpoint_advisories
Spring Core Remote Code Execution (CVE-2022-22965)
2022-03-31 00:00:00
cve
cve
CVE-2022-22965
2022-04-01 23:15:13
CVE-2022-43712
2023-07-26 14:15:09
kitploit
kitploit
metasploit
metasploit
Spring Framework Class property RCE (Spring4Shell)
2022-04-07 13:22:18
cisa_kev
cisa_kev
Spring Framework JDK 9+ Remote Code Execution Vulnerability
2022-04-04 00:00:00
github
github
Remote Code Execution in Spring Framework
2022-03-31 18:30:50
zdt
zdt
Spring4Shell Spring Framework Class Property Remote Code Execution Exploit
2022-05-10 00:00:00
ics
ics
qualysblog
qualysblog
Spring Framework Zero-Day Remote Code Execution (Spring4Shell) Vulnerability
2022-03-31 09:00:00
Why Is Snapshot Scanning Not Enough?
2022-11-01 13:27:50
The January 2023 Oracle Critical Patch Update
2023-01-18 00:43:03
fortinet
fortinet
CVE-2022-22965 and CVE-2022-22963 vulnerabilities
2022-04-01 00:00:00
paloalto
paloalto
f5
f5
cert
cert
cisa
cisa
securelist
securelist
IT threat evolution Q2 2022
2022-08-15 12:00:34
Spring4Shell (CVE-2022-22965): details and mitigations
2022-04-04 15:30:36
trellix
trellix
The Bug Report â June 2022 Edition
2022-07-06 00:00:00
The Bug Report â June 2022 Edition
2022-07-06 00:00:00
The Bug Report â April 2022 Edition
2022-05-04 00:00:00
avleonov
avleonov
mmpc
mmpc
mssecure
mssecure
impervablog
impervablog
Imperva Protects from New Spring Framework Zero-Day Vulnerabilities
2022-03-31 15:20:03
malwarebytes
malwarebytes
4 over-hyped security vulnerabilities of 2022
2022-12-19 01:00:00
checkpoint_security
checkpoint_security