Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Exploit for Code Injection in Vmware Spring Framework

🗓️ 02 Apr 2022 09:54:13Type 
githubexploit
 githubexploit👁 392 Views

Exploit for Code Injection in Vmware Spring Framework. Spring-Core-RCE Spring Framework remote code execution vulnerability (CVE-2022-22965), affects Spring Framework and derived frameworks. Attackers can remotely execute arbitrary code, impacting JDK 9.0 and above. Temporary defense: WAF defense, blacklisting methods containing certain dataBinder methods. Upgrade Spring Framework to version 5.3.18 or 5.2.20

Show more
Related
ReporterTitlePublishedViews
Family
Vulnrichment		CVE-2022-22965
1 Apr 202222:17
vulnrichment
Vulnrichment		CVE-2022-43712
26 Jul 202300:00
vulnrichment
IBM Security Bulletins		Security Bulletin: IBM Maximo For Civil infrastructure is vulnerable to a remote code execution in Spring Framework (CVE-2022-22965)
11 Apr 202215:15
ibm
IBM Security Bulletins		Security Bulletin: IBM Spectrum Conductor is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
20 Jun 202202:10
ibm
IBM Security Bulletins		Security Bulletin: Rational Test Control Panel component in Rational Test Virtualization Server and Rational Test Workbench is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
16 Jun 202217:10
ibm
IBM Security Bulletins		Security Bulletin: IBM Sterling Connect:Direct Web Services is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
7 Jun 202205:50
ibm
IBM Security Bulletins		Security Bulletin: IBM Sterling Control Center is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
25 May 202222:33
ibm
IBM Security Bulletins		Security Bulletin: Operations Dashboard in Cloud Pak for Integration is affected by Spring4Shell CVE-2022-22965
27 Apr 202214:59
ibm
IBM Security Bulletins		Security Bulletin: IBM Robotic Process Automation with Automation Anywhere is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
19 May 202216:14
ibm
IBM Security Bulletins		Security Bulletin: Vulnerability in Spring Framework affects IBM watsonx.data
18 Sep 202420:14
ibm
Rows per page

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
02 Apr 2022 09:13Current
9High risk
Vulners AI Score9
CVSS27.5
CVSS39.8
EPSS0.97449
code injectionvmwarespring frameworkremote code executioncve-2022-22965jdkwaf defenseblacklistdatabinderupgradeversion 5.3.18version 5.2.20.
392
.json
Report