POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for uses that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965.

CPENameOperatorVersion
gxsoftware:xperiencentralgxsoftware xperiencentralle10.36.0

CPE	Name	Operator	Version
gxsoftware:xperiencentral	gxsoftware xperiencentral	le	10.36.0

References

service.gxsoftware.com/hc/en-us/articles/4717373636381-Vulnerability-in-Spring-core-Spring4Shell-

service.gxsoftware.com/hc/nl/articles/12208173122461

prion 2

nessus 12

msrc 4

thn 5

talosblog 1

rapid7blog 11

ubuntucve 1

githubexploit 52

redhat 8

trendmicroblog 3

ibm 41

nuclei 1

vaadin 1

packetstorm 1

openvas 3

vmware 5

redhatcve 1

attackerkb 1

spring 3

veracode 1

osv 2

checkpoint_advisories 1

zdt 1

github 1

metasploit 1

cve 1

cisa_kev 1

kitploit 2

debiancve 1

cloudfoundry 1

cisco 1

hivepro 3

ics 1

qualysblog 6

fortinet 1

paloalto 1

f5 1

cert 1

cisa 1

securelist 4

trellix 4

avleonov 1

malwarebytes 1

impervablog 1

mssecure 1

mmpc 1

checkpoint_security 1

prion

Design/Logic Flaw

2023-07-26 14:15:00

Remote code execution

2022-04-01 23:15:00

nessus

Amazon Linux 2 : tomcat (ALASTOMCAT9-2023-004)

2023-09-27 00:00:00

Spring Framework Spring4Shell (CVE-2022-22965)

2022-04-06 00:00:00

Spring Framework < 5.2.20 / 5.3.x < 5.3.18 Remote Code Execution (CVE-2022-22965)

2022-03-31 00:00:00

msrc

Microsoft’s Response to CVE-2022-22965 Spring Framework

2022-04-05 07:00:00

Microsoft’s Response to CVE-2022-22965 Spring Framework

2022-04-05 07:00:00

Microsoft’s Response to CVE-2022-22965 Spring Framework

2022-04-05 23:41:01

thn

Security Patch Releases for Critical Zero-Day Bug in Java Spring Framework

2022-03-31 15:35:00

Watch Out! Cryptocurrency Miners Targeting Dockers, AWS and Alibaba Cloud

2022-04-22 09:30:00

Hackers Exploited Atlassian Confluence Bug to Deploy Ljl Backdoor for Espionage

2022-08-04 10:24:00

talosblog

Threat Advisory: Spring4Shell

2022-04-04 10:26:10

rapid7blog

It’s the Summer of AppSec: Q2 Improvements to Our Industry-Leading DAST and WAAP

2022-07-13 15:45:00

XSS in JSON: Old-School Attacks for Modern Applications

2022-05-04 15:48:03

Securing Your Applications Against Spring4Shell (CVE-2022-22965)

2022-04-01 22:26:36

ubuntucve

CVE-2022-22965

2022-04-01 00:00:00

githubexploit

Exploit for Code Injection in Vmware Spring Framework

2022-05-19 23:16:40

Exploit for Code Injection in Vmware Spring Framework

2022-04-29 09:58:05

Exploit for Code Injection in Vmware Spring Framework

2022-04-01 12:18:29

redhat

(RHSA-2022:1626) Low: Red Hat AMQ Broker 7.8.6 release and security update

2022-04-27 09:45:11

(RHSA-2022:1627) Low: Red Hat AMQ Broker 7.9.4 release and security update

2022-04-27 09:45:16

(RHSA-2022:1333) Low: Red Hat Integration Camel-K 1.6.5 security update

2022-04-12 18:28:41

trendmicroblog

CVE-2022-22965: Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware

2022-04-08 00:00:00

Analyzing Attempts to Exploit the Spring4Shell Vulnerability CVE-2022-22965 to Deploy Cryptocurrency Miners

2022-04-20 00:00:00

Spring4Shell Vulnerability CVE-2022-22965 Exploited to Deploy Cryptocurrency Miners

2022-04-20 00:00:00

ibm

Security Bulletin: IBM Maximo For Civil infrastructure is vulnerable to a remote code execution in Spring Framework (CVE-2022-22965)

2022-04-11 15:15:01

Security Bulletin: IBM Sterling Control Center is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

2022-05-25 22:33:00

Security Bulletin: IBM Robotic Process Automation with Automation Anywhere is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

2022-05-19 16:14:28

nuclei

Spring - Remote Code Execution

2022-04-01 11:43:45

vaadin

Spring Core Remote Code Execution via Data Binding on JDK 9+

2022-04-01 00:00:00

packetstorm

Spring4Shell Spring Framework Class Property Remote Code Execution

2022-05-10 00:00:00

openvas

VMware Spring Framework RCE Vulnerability (Spring4Shell, SpringShell) - Active Check

2023-12-13 00:00:00

VMware Spring Boot RCE Vulnerability (Spring4Shell, SpringShell)

2022-04-06 00:00:00

VMware Spring Framework RCE Vulnerability (Spring4Shell, SpringShell) - Version Check

2022-03-31 00:00:00

vmware

VMware Response to Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965)

2022-04-02 00:00:00

VMware Response to Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965)

2022-04-02 00:00:00

VMware Response to Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965)

2022-04-02 00:00:00

redhatcve

CVE-2022-22965

2022-03-31 18:32:57

attackerkb

CVE-2022-22965

2022-04-01 00:00:00

spring

Spring Framework RCE, Mitigation Alternative

2022-04-01 11:49:00

Spring Framework RCE, Early Announcement

2022-03-31 10:27:00

Spring Framework Data Binding Rules Vulnerability (CVE-2022-22968)

2022-04-13 13:00:00

veracode

Remote Code Execution (RCE)

2022-03-31 00:56:39

osv

Remote Code Execution in Spring Framework

2022-03-31 18:30:50

CVE-2022-22965

2022-04-01 23:15:13

checkpoint_advisories

Spring Core Remote Code Execution (CVE-2022-22965)

2022-03-31 00:00:00

zdt

Spring4Shell Spring Framework Class Property Remote Code Execution Exploit

2022-05-10 00:00:00

github

Remote Code Execution in Spring Framework

2022-03-31 18:30:50

metasploit

Spring Framework Class property RCE (Spring4Shell)

2022-04-07 13:22:18

cve

CVE-2022-22965

2022-04-01 23:15:00

cisa_kev

Spring Framework JDK 9+ Remote Code Execution Vulnerability

2022-04-04 00:00:00

kitploit

Spring4Shell-POC - Dockerized Spring4Shell (CVE-2022-22965) PoC Application And Exploit

2022-05-10 12:30:00

Spring4Shell-Scan - A Fully Automated, Reliable, And Accurate Scanner For Finding Spring4Shell And Spring Cloud RCE Vulnerabilities

2022-04-24 21:30:00

debiancve

CVE-2022-22965

2022-04-01 23:15:00

cloudfoundry

CVE-2022-22965: UAA affected by Spring Framework RCE via Data Binding on JDK 9+ | Cloud Foundry

2022-04-05 00:00:00

cisco

Vulnerability in Spring Framework Affecting Cisco Products: March 2022

2022-04-01 23:45:00

hivepro

RCE Spring Framework Zero-Day vulnerability “Spring4Shell”

2022-04-12 02:21:11

Weekly Threat Digest: 4 – 10 April 2022

2022-04-13 06:34:35

Weekly Threat Digest: 28 March – 3 April 2022

2022-04-05 10:11:43

ics

Hitachi Energy Lumada Asset Performance Management Prognostic Model Executor Service

2022-10-13 12:00:00

qualysblog

Spring Framework Zero-Day Remote Code Execution (Spring4Shell) Vulnerability

2022-03-31 09:00:00

Why Is Snapshot Scanning Not Enough?

2022-11-01 13:27:50

The January 2023 Oracle Critical Patch Update

2023-01-18 00:43:03

fortinet

CVE-2022-22965 and CVE-2022-22963 vulnerabilities

2022-04-01 00:00:00

paloalto

Informational: Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2022-22965

2022-03-31 02:30:00

K11510688 : Spring Framework (Spring4Shell) and Spring Cloud vulnerabilities CVE-2022-22965, CVE-2022-22950, and CVE-2022-22963

2022-03-31 00:00:00

cert

Spring Framework insecurely handles PropertyDescriptor objects with data binding

2022-03-31 00:00:00

cisa

Spring Releases Security Updates Addressing "Spring4Shell" and Spring Cloud Function Vulnerabilities

2022-04-01 00:00:00

securelist

IT threat evolution Q2 2022

2022-08-15 12:00:34

Spring4Shell (CVE-2022-22965): details and mitigations

2022-04-04 15:30:36

IT threat evolution in Q1 2022. Non-mobile statistics

2022-05-27 08:00:05

trellix

The Bug Report – June 2022 Edition

2022-07-06 00:00:00

The Bug Report – June 2022 Edition

2022-07-06 00:00:00

The Bug Report – April 2022 Edition

2022-05-04 00:00:00

avleonov

Spring4Shell, Spring Cloud Function RCE and Spring Cloud Gateway Code Injection

2022-04-03 00:15:45

malwarebytes

4 over-hyped security vulnerabilities of 2022

2022-12-19 01:00:00

impervablog

Imperva Protects from New Spring Framework Zero-Day Vulnerabilities

2022-03-31 15:20:03

mssecure

SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965

2022-04-05 01:11:24

mmpc

SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965

2022-04-05 01:11:24

checkpoint_security

Check Point Response to Spring Vulnerabilities CVE-2022-22963, CVE-2022-22946, CVE-2022-22947, CVE-2022-22965 (Spring4Shell) and CVE-2022-22950

2022-03-30 21:41:02

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

8.5 High

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.0005 Low

EPSS

Percentile

14.6%

JSON

Related for CVE-2022-43712

prion2 nessus12 msrc4 thn5 talosblog1 rapid7blog11 ubuntucve1 githubexploit52 redhat8 trendmicroblog3 ibm41 nuclei1 vaadin1 packetstorm1 openvas3 vmware5 redhatcve1 attackerkb1 spring3 veracode1 osv2 checkpoint_advisories1 zdt1 github1 metasploit1 cve1 cisa_kev1 kitploit2 debiancve1 cloudfoundry1 cisco1 hivepro3 ics1 qualysblog6 fortinet1 paloalto1 f51 cert1 cisa1 securelist4 trellix4 avleonov1 malwarebytes1 impervablog1 mssecure1 mmpc1 checkpoint_security1