HistoryMay 26, 2023 - 12:00 a.m.

Spring Cloud Gateway Code Injection (CVE-2022-22947)

2023-05-2600:00:00

www.tenable.com

The version of Spring Cloud Gateway running on the remote host allows remote attackers to make a maliciously crafted request that could allow arbitrary remote execution on the remote host.

Binary data spring_cloud_gateway_cve-2022-22947_direct.nbin

VendorProductVersionCPE
vmwarespring_cloud_gatewaycpe:/a:vmware:spring_cloud_gateway

Vendor	Product	Version	CPE
vmware	spring_cloud_gateway		cpe:/a:vmware:spring_cloud_gateway

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22947

spring.io/security/cve-2022-22947

veracode 1

githubexploit 54

openvas 1

thn 3

prion 1

nessus 1

packetstorm 2

attackerkb 1

metasploit 1

osv 2

cisa_kev 1

cve 1

nuclei 1

cnvd 1

threatpost 2

zdt 2

checkpoint_advisories 1

malwarebytes 2

github 1

exploitdb 1

rapid7blog 2

avleonov 1

mssecure 1

mmpc 1

checkpoint_security 1

securelist 1

oracle 2

veracode

Code Injection

2022-03-02 08:46:00

githubexploit

Exploit for Code Injection in Vmware Spring Cloud Gateway

2022-10-20 20:35:52

Exploit for Code Injection in Vmware Spring Cloud Gateway

2022-03-30 23:33:43

Exploit for Expression Language Injection in Vmware Spring Cloud Gateway

2022-05-16 15:27:41

openvas

VMware Spring Cloud Gateway < 3.0.7, 3.1.x < 3.1.1 RCE Vulnerability - Active Check

2022-03-08 00:00:00

thn

New Sysrv Botnet Variant Hijacking Windows and Linux with Crypto Miners

2022-05-17 09:37:00

Watch Out! Hackers Begin Exploiting Recent Zyxel Firewalls RCE Vulnerability

2022-05-17 03:17:00

EnemyBot Linux Botnet Now Exploits Web Server, Android and CMS Vulnerabilities

2022-05-30 10:30:00

prion

Code injection

2022-03-03 22:15:00

nessus

VMware Spring Cloud Gateway 3.0 < 3.0.7 / 3.1 < 3.1.1 Code Injection

2022-07-29 00:00:00

packetstorm

Spring Cloud Gateway 3.1.0 Remote Code Execution

2022-10-17 00:00:00

Spring Cloud Gateway 3.1.0 Remote Code Execution

2022-03-07 00:00:00

attackerkb

CVE-2022-22947

2022-03-03 00:00:00

metasploit

Spring Cloud Gateway Remote Code Execution

2022-10-06 19:48:36

osv

CVE-2022-22947

2022-03-03 22:15:08

Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured

2022-03-04 00:00:15

cisa_kev

VMware Spring Cloud Gateway Code Injection Vulnerability

2022-05-16 00:00:00

cve

CVE-2022-22947

2022-03-03 22:15:00

nuclei

Spring Cloud Gateway Code Injection

2022-03-02 08:45:10

cnvd

Spring Cloud Gateway Remote Code Execution Vulnerability

2022-03-03 00:00:00

threatpost

Sysrv-K Botnet Targets Windows, Linux

2022-05-17 13:53:19

EnemyBot Malware Targets Web Servers, CMS Tools and Android OS

2022-05-31 12:24:44

zdt

Spring Cloud Gateway 3.1.0 - Remote Code Execution Exploit

2022-03-07 00:00:00

Spring Cloud Gateway 3.1.0 Remote Code Execution Exploit

2022-10-17 00:00:00

checkpoint_advisories

Spring Cloud Gateway Remote Code Execution (CVE-2022-22947)

2022-04-03 00:00:00

malwarebytes

Sysrv botnet is out to mine Monero on your Windows and Linux servers

2022-05-18 12:55:00

Oracle releases massive Critical Patch Update containing 520 security patches

2022-04-20 14:53:54

github

Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured

2022-03-04 00:00:15

exploitdb

Spring Cloud Gateway 3.1.0 - Remote Code Execution (RCE)

2022-03-07 00:00:00

rapid7blog

Metasploit Wrap-Up

2022-10-14 17:03:46

2022 Annual Metasploit Wrap-Up

2022-12-30 15:00:00

avleonov

Spring4Shell, Spring Cloud Function RCE and Spring Cloud Gateway Code Injection

2022-04-03 00:15:45

mssecure

SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965

2022-04-05 01:11:24

mmpc

SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965

2022-04-05 01:11:24

checkpoint_security

Check Point Response to Spring Vulnerabilities CVE-2022-22963, CVE-2022-22946, CVE-2022-22947, CVE-2022-22965 (Spring4Shell) and CVE-2022-22950

2022-03-30 21:41:02

securelist

IT threat evolution in Q1 2022. Non-mobile statistics

2022-05-27 08:00:05

oracle

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

Oracle Critical Patch Update Advisory - April 2022

2022-04-19 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

Spring Cloud Gateway Code Injection (CVE-2022-22947)

References

Related