logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2022-22947

Description

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.


Affected Software


CPE Name Name Version
vmware:spring_cloud_gateway vmware spring cloud gateway 3.1.0
vmware:spring_cloud_gateway vmware spring cloud gateway 3.0.7
oracle:commerce_guided_search oracle commerce guided search 11.3.2
oracle:communications_cloud_native_core_network_slice_selection_function oracle communications cloud native core network slice selection function 1.8.0
oracle:communications_cloud_native_core_network_slice_selection_function oracle communications cloud native core network slice selection function 22.1.0
oracle:communications_cloud_native_core_network_repository_function oracle communications cloud native core network repository function 1.15.0
oracle:communications_cloud_native_core_network_function_cloud_native_environment oracle communications cloud native core network function cloud native environment 1.10.0
oracle:communications_cloud_native_core_network_exposure_function oracle communications cloud native core network exposure function 22.1.0
oracle:communications_cloud_native_core_service_communication_proxy oracle communications cloud native core service communication proxy 1.15.0
oracle:communications_cloud_native_core_network_repository_function oracle communications cloud native core network repository function 1.15.1
oracle:communications_cloud_native_core_binding_support_function oracle communications cloud native core binding support function 1.11.0
oracle:communications_cloud_native_core_network_repository_function oracle communications cloud native core network repository function 22.2.0
oracle:communications_cloud_native_core_security_edge_protection_proxy oracle communications cloud native core security edge protection proxy 22.1.1
oracle:communications_cloud_native_core_console oracle communications cloud native core console 22.2.0
oracle:communications_cloud_native_core_network_repository_function oracle communications cloud native core network repository function 22.1.2
oracle:communications_cloud_native_core_binding_support_function oracle communications cloud native core binding support function 22.1.3

Related