
CVE-2022-22965

Description

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.


Affected Software


CPE Name | Name | Version
vmware:spring_framework | vmware spring framework | 5.3.18
vmware:spring_framework | vmware spring framework | 5.2.20
cisco:cx_cloud_agent | cisco cx cloud agent | 2.1.0
oracle:sd-wan_edge | oracle sd-wan edge | 9.0
oracle:retail_xstore_point_of_service | oracle retail xstore point of service | 20.0.1
oracle:communications_cloud_native_core_security_edge_protection_proxy | oracle communications cloud native core security edge protection proxy | 1.7.0
oracle:financial_services_analytical_applications_infrastructure | oracle financial services analytical applications infrastructure | 8.1.1
oracle:sd-wan_edge | oracle sd-wan edge | 9.1
siemens:siveillance_identity | siemens siveillance identity | 1.6
siemens:siveillance_identity | siemens siveillance identity | 1.5
siemens:sipass_integrated | siemens sipass integrated | 2.85
siemens:sipass_integrated | siemens sipass integrated | 2.80
oracle:product_lifecycle_analytics | oracle product lifecycle analytics | 3.6.1
oracle:financial_services_enterprise_case_management | oracle financial services enterprise case management | 8.1.1.0
oracle:financial_services_enterprise_case_management | oracle financial services enterprise case management | 8.1.1.1
oracle:financial_services_behavior_detection_platform | oracle financial services behavior detection platform | 8.1.2.0
oracle:financial_services_behavior_detection_platform | oracle financial services behavior detection platform | 8.1.1.1
oracle:financial_services_behavior_detection_platform | oracle financial services behavior detection platform | 8.1.1.0
oracle:communications_cloud_native_core_console | oracle communications cloud native core console | 1.9.0
oracle:communications_cloud_native_core_policy | oracle communications cloud native core policy | 1.15.0
oracle:communications_cloud_native_core_unified_data_repository | oracle communications cloud native core unified data repository | 1.15.0
oracle:communications_cloud_native_core_unified_data_repository | oracle communications cloud native core unified data repository | 22.1.0
oracle:communications_cloud_native_core_security_edge_protection_proxy | oracle communications cloud native core security edge protection proxy | 22.1.0
oracle:communications_cloud_native_core_policy | oracle communications cloud native core policy | 22.1.0
oracle:communications_cloud_native_core_network_slice_selection_function | oracle communications cloud native core network slice selection function | 1.8.0
oracle:communications_cloud_native_core_network_slice_selection_function | oracle communications cloud native core network slice selection function | 22.1.0
oracle:communications_cloud_native_core_network_repository_function | oracle communications cloud native core network repository function | 1.15.0
oracle:communications_cloud_native_core_network_repository_function | oracle communications cloud native core network repository function | 22.1.0
oracle:communications_cloud_native_core_network_function_cloud_native_environment | oracle communications cloud native core network function cloud native environment | 22.1.0
oracle:communications_cloud_native_core_network_function_cloud_native_environment | oracle communications cloud native core network function cloud native environment | 1.10.0
oracle:communications_cloud_native_core_network_exposure_function | oracle communications cloud native core network exposure function | 22.1.0
oracle:communications_cloud_native_core_console | oracle communications cloud native core console | 22.1.0
oracle:communications_cloud_native_core_automated_test_suite | oracle communications cloud native core automated test suite | 22.1.0
oracle:communications_cloud_native_core_automated_test_suite | oracle communications cloud native core automated test suite | 1.9.0
oracle:retail_xstore_point_of_service | oracle retail xstore point of service | 21.0.0
oracle:financial_services_enterprise_case_management | oracle financial services enterprise case management | 8.1.2.0
oracle:financial_services_analytical_applications_infrastructure | oracle financial services analytical applications infrastructure | 8.1.2.0
oracle:communications_policy_management | oracle communications policy management | 12.6.0.0.0
oracle:mysql_enterprise_monitor | oracle mysql enterprise monitor | 8.0.29
oracle:communications_cloud_native_core_network_slice_selection_function | oracle communications cloud native core network slice selection function | 1.15.0
siemens:operation_scheduler | siemens operation scheduler | 2.0.4
veritas:access_appliance | veritas access appliance | 7.4.3
veritas:access_appliance | veritas access appliance | 7.4.3.100
veritas:access_appliance | veritas access appliance | 7.4.3.200
veritas:netbackup_virtual_appliance | veritas netbackup virtual appliance | 4.0.0.1
veritas:netbackup_virtual_appliance | veritas netbackup virtual appliance | 4.1.0.1
veritas:netbackup_appliance | veritas netbackup appliance | 4.0.0.1
veritas:netbackup_appliance | veritas netbackup appliance | 4.1.0.1
veritas:netbackup_virtual_appliance | veritas netbackup virtual appliance | 4.0
veritas:netbackup_virtual_appliance | veritas netbackup virtual appliance | 4.1
veritas:netbackup_appliance | veritas netbackup appliance | 4.0
veritas:netbackup_appliance | veritas netbackup appliance | 4.1
veritas:flex_appliance | veritas flex appliance | 2.0
veritas:flex_appliance | veritas flex appliance | 2.0.1
veritas:flex_appliance | veritas flex appliance | 2.0.2
veritas:flex_appliance | veritas flex appliance | 2.1
veritas:flex_appliance | veritas flex appliance | 1.3
veritas:netbackup_flex_scale_appliance | veritas netbackup flex scale appliance | 2.1
veritas:netbackup_flex_scale_appliance | veritas netbackup flex scale appliance | 3.0
siemens:sinec_network_management_system | siemens sinec network management system | 1.0.3
siemens:simatic_speech_assistant_for_machines | siemens simatic speech assistant for machines | 1.2.1
oracle:weblogic_server | oracle weblogic server | 12.2.1.3.0
oracle:retail_customer_management_and_segmentation_foundation | oracle retail customer management and segmentation foundation | 17.0
oracle:retail_customer_management_and_segmentation_foundation | oracle retail customer management and segmentation foundation | 18.0
oracle:weblogic_server | oracle weblogic server | 12.2.1.4.0
oracle:weblogic_server | oracle weblogic server | 14.1.1.0.0
oracle:retail_customer_management_and_segmentation_foundation | oracle retail customer management and segmentation foundation | 19.0
oracle:retail_merchandising_system | oracle retail merchandising system | 16.0.3
oracle:retail_financial_integration | oracle retail financial integration | 16.0.3
oracle:retail_integration_bus | oracle retail integration bus | 16.0.3
oracle:communications_unified_inventory_management | oracle communications unified inventory management | 7.4.1
oracle:retail_merchandising_system | oracle retail merchandising system | 19.0.1
oracle:retail_integration_bus | oracle retail integration bus | 14.1.3.2
oracle:retail_financial_integration | oracle retail financial integration | 14.1.3.2
oracle:retail_integration_bus | oracle retail integration bus | 15.0.3.1
oracle:retail_financial_integration | oracle retail financial integration | 15.0.3.1
oracle:commerce_platform | oracle commerce platform | 11.3.2
oracle:communications_unified_inventory_management | oracle communications unified inventory management | 7.4.2
oracle:communications_unified_inventory_management | oracle communications unified inventory management | 7.5.0
oracle:retail_integration_bus | oracle retail integration bus | 19.0.1
oracle:retail_financial_integration | oracle retail financial integration | 19.0.1
oracle:retail_bulk_data_integration | oracle retail bulk data integration | 16.0.3
oracle:communications_cloud_native_core_binding_support_function | oracle communications cloud native core binding support function | 22.1.3
