Lucene search
K

750 matches found

GithubExploit
GithubExploit
added 2022/03/04 6:38 a.m.73 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

Spring Cloud Gateway Remote Code Execution Vulnerability...

10CVSS7.2AI score0.98253EPSS
Exploits54
GithubExploit
GithubExploit
added 2022/03/04 2:36 a.m.341 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

Spring-Cloud-Gateway CVE-2022-22947 Spring Cloud Gatewa...

10CVSS7.7AI score0.98253EPSS
Exploits54
GithubExploit
GithubExploit
added 2022/03/04 2:36 a.m.346 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

Spring-Cloud-Gateway CVE-2022-22947 Spring Cloud Gatewa...

10CVSS7.7AI score0.98253EPSS
Exploits54
OSV
OSV
added 2022/03/04 12:0 a.m.142 views

GHSA-3GX9-37WW-9QW6 Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured

In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed, and unsecured. A remote attacker could make a maliciously crafted request resulting in arbitrary remote execution on the...

10CVSS9.8AI score0.98253EPSS
Exploits54References6
Github Security Blog
Github Security Blog
added 2022/03/04 12:0 a.m.88 views

Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured

In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed, and unsecured. A remote attacker could make a maliciously crafted request resulting in arbitrary remote execution on the...

10CVSS4.5AI score0.98253EPSS
Exploits54References7Affected Software1
NVD
NVD
added 2022/03/03 10:15 p.m.19 views

CVE-2022-22947

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the...

10CVSS0.98253EPSS
Exploits54References6
OSV
OSV
added 2022/03/03 10:15 p.m.25 views

CVE-2022-22947

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the...

10CVSS9.7AI score0.98253EPSS
Exploits54References6
GithubExploit
GithubExploit
added 2022/03/03 6:26 p.m.432 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

Spring Cloud Gateway...

10CVSS9.1AI score0.98253EPSS
Exploits54
GithubExploit
GithubExploit
added 2022/03/03 6:26 p.m.1 views

Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway

Spring Cloud Gateway...

10CVSS7AI score0.98253EPSS
Exploits54
GithubExploit
GithubExploit
added 2022/03/03 1:13 p.m.395 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

CVE-2022-22947RceExp Spring Cloud Gateway 远程代码执行漏洞Exp Spring...

10CVSS9.7AI score0.98253EPSS
Exploits54
GithubExploit
GithubExploit
added 2022/03/03 9:30 a.m.182 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

cve-2022-22947 p...

10CVSS9.7AI score0.98253EPSS
Exploits54
Vulnrichment
Vulnrichment
added 2022/03/03 12:0 a.m.15 views

CVE-2022-22947

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the...

9.7AI score0.98253EPSS
Exploits54References5
CNVD
CNVD
added 2022/03/03 12:0 a.m.35 views

Spring Cloud Gateway Remote Code Execution Vulnerability

Spring Cloud GateWay is a library provided for building API gateways on top of Spring WebFlux.A remote code execution vulnerability exists in Spring Cloud Gateway, which occurs in the Actuator endpoint of the Spring Cloud Gateway application, which is enabled, public and insecure, is vulnerable t...

10CVSS2.9AI score0.98253EPSS
Exploits54References1
CNNVD
CNNVD
added 2022/03/03 12:0 a.m.5 views

Vmware VMware Spring Cloud Gateway 信任管理问题漏洞

Vmware VMware Spring Cloud Gateway is a gateway component from Vmware, Inc. A trust management issue vulnerability exists in VMware Spring Cloud Gateway that stems from a security bypass issue when using the HTTP2 insecure TrustManager. A local user can send a specially crafted request and connec...

5.5CVSS6.7AI score0.04732EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/03/03 12:0 a.m.3 views

VMware Spring Cloud Gateway 代码注入漏洞

Spring Cloud GateWay is a library provided for building API gateways on top of Spring WebFlux.A remote code execution vulnerability exists in Spring Cloud Gateway, which occurs in the Actuator endpoint of the Spring Cloud Gateway application, which is enabled, public and insecure, is vulnerable t...

10CVSS9.2AI score0.98253EPSS
Exploits54References16
ATTACKERKB
ATTACKERKB
added 2022/03/03 12:0 a.m.55 views

CVE-2022-22947

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the...

10CVSS9.9AI score0.98253EPSS
In wildExploits54References6
Cvelist
Cvelist
added 2022/03/03 12:0 a.m.29 views

CVE-2022-22947

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the...

9.7AI score0.98253EPSS
Exploits54References5
CVE
CVE
added 2022/03/03 12:0 a.m.2139 views

CVE-2022-22947

CVE-2022-22947 affects Spring Cloud Gateway when the Gateway Actuator endpoint is enabled, exposed, and unsecured. A remote attacker can craft a request to the Actuator interface and cause arbitrary remote code execution on the host due to a code-injection vulnerability in the gateway routing/Act...

10CVSS9.7AI score0.98253EPSS
In wildExploits54References6Affected Software1
Veracode
Veracode
added 2022/03/02 9:29 a.m.37 views

Insecure HTTP2 TrustManager

spring-cloud-gateway-server uses an insecure HTTP2 TrustManager. Application with default configuration and no key store or trusted certificates uses an insecure trustmanager factory option when HTTP2 is enabled, allowing the gateway connections to remote services with invalid or custom...

5.5CVSS2.7AI score0.04732EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2022/03/01 12:0 a.m.4 views

PT-2022-2172 · Spring · Spring Cloud Gateway

Name of the Vulnerable Software and Affected Versions: Spring Cloud Gateway versions prior to 3.1.1+ Description: The issue is related to the implementation of the TrustManager technology for authentication in the Spring Cloud Gateway library, which is used for creating API gateways. It is...

5.5CVSS6.4AI score0.04732EPSS
Exploits0References8
Rows per page
Query Builder