CVE-2022-22963

Published on: Not Yet Published

Last Modified on: 07/28/2022 06:26:00 PM UTC

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Certain versions of Banking Branch from Oracle contain the following vulnerability:

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

  • CVE-2022-22963 has been assigned by [email protected] to track the vulnerability - currently rated as CRITICAL severity.

CVSS3 Score: 9.8 - CRITICAL

Attack Vector | Attack Complexity | Privileges Required | User Interaction
NETWORK       | LOW               | NONE                | NONE

Scope     | Confidentiality Impact | Integrity Impact | Availability Impact
UNCHANGED | HIGH                   | HIGH             | HIGH

CVSS2 Score: 7.5 - HIGH

Access Vector | Access Complexity | Authentication
NETWORK       | LOW               | NONE

Confidentiality Impact | Integrity Impact | Availability Impact
PARTIAL                | PARTIAL          | PARTIAL

CVE References

Tag - Link - Description

  • MISC - tanzu.vmware.com/security/cve-2022-22963 - "CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression | Security | VMware Tanzu"
  • CISCO - tools.cisco.com - "20220401 Vulnerability in Spring Cloud Function Framework Affecting Cisco Products: March 2022" (no description provided)
  • MISC - www.oracle.com/security-alerts/cpuapr2022.html - "Oracle Critical Patch Update Advisory - April 2022"
  • CONFIRM - psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005 - "Security Advisory"
  • MISC - www.oracle.com/security-alerts/cpujul2022.html - "Oracle Critical Patch Update Advisory - July 2022"

Related QID Numbers

  • 150494 Spring Cloud Function Remote Code Execution (RCE) Vulnerability (CVE-2022-22963)
  • 376508 Spring Cloud Function Remote Code Execution (RCE) Vulnerability (Authenticated)
  • 376520 Spring Cloud Function Remote Code Execution (RCE) Vulnerability Scan Utility
  • 730417 Palo Alto Networks (PAN-OS) Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2010-1622 Bypass Vulnerability (PAN-191178)
  • 730418 Spring Cloud Function Remote Code Execution (RCE) Vulnerability (Unauthenticated Check)
  • 730421 Palo Alto Networks (PAN-OS) Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2022-22965 Vulnerability (PAN-191178)
  • 730428 Palo Alto Networks (PAN-OS) Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2022-22965 Vulnerability (PAN-191178)
  • 730431 Palo Alto Networks (PAN-OS) Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2022-22965 Vulnerability (PAN-191178)
  • 984160 Java (maven) Security Update for org.springframework.cloud:spring-cloud-function-core (GHSA-6v73-fgf6-w5j7)

Known Affected Configurations (CPE V2.3)

Type        | Vendor | Product                                                                    | Version     | Update | Edition | Language
Application | Oracle | Banking Branch                                                             | 14.5        | All    | All     | All
Application | Oracle | Banking Cash Management                                                    | 14.5        | All    | All     | All
Application | Oracle | Banking Corporate Lending Process Management                               | 14.5        | All    | All     | All
Application | Oracle | Banking Credit Facilities Process Management                               | 14.5        | All    | All     | All
Application | Oracle | Banking Electronic Data Exchange For Corporates                            | 14.5        | All    | All     | All
Application | Oracle | Banking Liquidity Management                                               | 14.2        | All    | All     | All
Application | Oracle | Banking Liquidity Management                                               | 14.5        | All    | All     | All
Application | Oracle | Banking Origination                                                        | 14.5        | All    | All     | All
Application | Oracle | Banking Supply Chain Finance                                               | 14.5        | All    | All     | All
Application | Oracle | Banking Trade Finance Process Management                                   | 14.5        | All    | All     | All
Application | Oracle | Banking Virtual Account Management                                         | 14.5        | All    | All     | All
Application | Oracle | Communications Cloud Native Core Automated Test Suite                      | 1.9.0       | All    | All     | All
Application | Oracle | Communications Cloud Native Core Automated Test Suite                      | 22.1.0      | All    | All     | All
Application | Oracle | Communications Cloud Native Core Console                                   | 1.9.0       | All    | All     | All
Application | Oracle | Communications Cloud Native Core Console                                   | 22.1.0      | All    | All     | All
Application | Oracle | Communications Cloud Native Core Network Exposure Function                 | 22.1.0      | All    | All     | All
Application | Oracle | Communications Cloud Native Core Network Function Cloud Native Environment | 1.10.0      | All    | All     | All
Application | Oracle | Communications Cloud Native Core Network Function Cloud Native Environment | 22.1.0      | All    | All     | All
Application | Oracle | Communications Cloud Native Core Network Function Cloud Native Environment | 22.1.2      | All    | All     | All
Application | Oracle | Communications Cloud Native Core Network Repository Function               | 1.15.0      | All    | All     | All
Application | Oracle | Communications Cloud Native Core Network Repository Function               | 22.1.0      | All    | All     | All
Application | Oracle | Communications Cloud Native Core Network Slice Selection Function          | 1.8.0       | All    | All     | All
Application | Oracle | Communications Cloud Native Core Network Slice Selection Function          | 22.1.0      | All    | All     | All
Application | Oracle | Communications Cloud Native Core Policy                                    | 1.15.0      | All    | All     | All
Application | Oracle | Communications Cloud Native Core Policy                                    | 22.1.0      | All    | All     | All
Application | Oracle | Communications Cloud Native Core Policy                                    | 22.1.3      | All    | All     | All
Application | Oracle | Communications Cloud Native Core Security Edge Protection Proxy            | 1.7.0       | All    | All     | All
Application | Oracle | Communications Cloud Native Core Security Edge Protection Proxy            | 22.1.0      | All    | All     | All
Application | Oracle | Communications Cloud Native Core Unified Data Repository                   | 1.15.0      | All    | All     | All
Application | Oracle | Communications Cloud Native Core Unified Data Repository                   | 22.1.0      | All    | All     | All
Application | Oracle | Communications Communications Policy Management                            | 12.6.0.0.0  | All    | All     | All
Application | Oracle | Financial Services Analytical Applications Infrastructure                  | 8.1.1.0     | All    | All     | All
Application | Oracle | Financial Services Analytical Applications Infrastructure                  | 8.1.2.0     | All    | All     | All
Application | Oracle | Financial Services Behavior Detection Platform                             | 8.1.1.0     | All    | All     | All
Application | Oracle | Financial Services Behavior Detection Platform                             | 8.1.1.1     | All    | All     | All
Application | Oracle | Financial Services Behavior Detection Platform                             | 8.1.2.0     | All    | All     | All
Application | Oracle | Financial Services Enterprise Case Management                              | 8.1.1.0     | All    | All     | All
Application | Oracle | Financial Services Enterprise Case Management                              | 8.1.1.1     | All    | All     | All
Application | Oracle | Financial Services Enterprise Case Management                              | 8.1.2.0     | All    | All     | All
Application | Oracle | Mysql Enterprise Monitor                                                   | All         | All    | All     | All
Application | Oracle | Product Lifecycle Analytics                                                | 3.6.1.0     | All    | All     | All
Application | Oracle | Retail Xstore Point Of Service                                             | 20.0.1      | All    | All     | All
Application | Oracle | Retail Xstore Point Of Service                                             | 21.0.0      | All    | All     | All
Application | Oracle | Sd-wan Edge                                                                | 9.0         | All    | All     | All
Application | Oracle | Sd-wan Edge                                                                | 9.1         | All    | All     | All
Application | Vmware | Spring Cloud Function                                                      | All         | All    | All     | All
  • cpe:2.3:a:oracle:banking_branch:14.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_cash_management:14.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_electronic_data_exchange_for_corporates:14.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_liquidity_management:14.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_liquidity_management:14.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_origination:14.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_virtual_account_management:14.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:spring_cloud_function:*:*:*:*:*:*:*:*

Social Mentions

Source Title Posted (UTC)
Twitter @4ra1nX CVE-2022-22963 Versions below 3.2.3 allow RCE, so why is it described as merely a simple resource access vulnerability https://t.co/pyFzLOfZcL 2022-03-30 02:21:35
Twitter @bytehx343 Spring Cloud Function Spel RCE aka CVE-2022-22963 POC. payload spring.cloud.function.routing-expression:… twitter.com/i/web/status/1… 2022-03-30 05:07:25
Twitter @Dinosn Made an English version of the CVE-2022-22963 Spring Cloud Function SPEL github.com/dinosn/CVE-202… 2022-03-30 05:07:59
Twitter @Dinosn A rough nuclei template for RCE on Spring Cloud Function SPEL github.com/dinosn/CVE-202… 2022-03-30 05:57:01
Twitter @aceb0nd github.com/dinosn/CVE-202… 2022-03-30 06:34:40
Twitter @piedpiper1616 GitHub - dinosn/CVE-2022-22963: CVE-2022-22963 PoC - github.com/dinosn/CVE-202… 2022-03-30 07:41:51
Twitter @beingsheerazali Made an English version of the CVE-2022-22963 Spring Cloud Function SPEL github.com/dinosn/CVE-202… Dinosn 2022-03-30 08:50:33
Twitter @beingsheerazali A rough nuclei template for RCE on Spring Cloud Function SPEL github.com/dinosn/CVE-202… Dinosn 2022-03-30 08:50:40
Twitter @therceman RCE 0-day Vulnerability found in Spring Cloud (SPEL) CVE-2022-22963: Spring Expression Resource Access Vulnerabili… twitter.com/i/web/status/1… 2022-03-30 08:54:07
Twitter @0xjomo @sanqiushu1 this looks like CVE-2022-22963, not the alleged vuln called "SpringShell" with no CVE yet. 2022-03-30 09:35:12
Twitter @JRG_Testa @Gi7w0rm @S0ufi4n3 Some folks are pointing to "CVE-2022-22963" I'm not 100% sure. I think that is not what we're looking for. 2022-03-30 09:40:16
Twitter @0xjomo @GlennPegden no, that's CVE-2022-22963. 2022-03-30 09:40:35
Twitter @Ax_Sharma Worse, some are mixing it up with CVE-2022-22963, a SPEL Expression Injection vulnerability in *Spring Cloud Functi… twitter.com/i/web/status/1… 2022-03-30 09:42:57
Twitter @Ax_Sharma Another PoC for SPEL Expression Injection ? once again CVE-2022-22963, that does NOT impact Spring core: twitter.com/bytehx343/stat… 2022-03-30 09:42:58
Twitter @Ax_Sharma @zyuiopShitpost @LunaSecIO @llkkaT Which bug ?... Possible that PoC screenshot was for CVE-2022-22963 misattributed… twitter.com/i/web/status/1… 2022-03-30 09:47:37
Twitter @GlennPegden @0xjomo CVE-2022-22963 isn't spring4shell ? I know @LunaSecIO and others are talking about an unconnected possible… twitter.com/i/web/status/1… 2022-03-30 09:53:53
Twitter @GlennPegden Ok, many people (including me) are conflating 2 different Java Spring related RCEs. CVE-2022-22963 an easily expl… twitter.com/i/web/status/1… 2022-03-30 09:59:05
Twitter @ipssignatures The vuln CVE-2022-22963 has a tweet created 0 days ago and retweeted 35 times. twitter.com/bytehx343/stat… #pow1rtrtwwcve 2022-03-30 10:06:00
Twitter @vulmoncom Spring Expression Resource Access Vulnerability CVE-2022-22963 Users of affected versions should upgrade to 3.1.7,… twitter.com/i/web/status/1… 2022-03-30 10:19:51
Twitter @haxor31337 @vysecurity @domchell @80vul Note this bug is different from CVE-2022-22963 and If it is real, the world will burn… twitter.com/i/web/status/1… 2022-03-30 10:34:20
Twitter @princechaddha @beingsheerazali The template for CVE-2022-22963 is already merged here github.com/projectdiscove… 2022-03-30 11:11:43
Twitter @SecuriTears @HaboubiAnis Note that CVE-2022-22963 is not "SpringShell". CVE-2022-22963 = Spring Cloud Function SpringShell… twitter.com/i/web/status/1… 2022-03-30 11:16:51
Twitter @circl_lu "CVE-2022-22963: Spring Expression Resource Access Vulnerability in Spring Cloud Function" tanzu.vmware.com/security/cve-2… 2022-03-30 11:17:29
Twitter @SeanWrightSec One more thing on this, this is NOT the same thing as CVE-2022-22963 (spring.io/blog/2022/03/2…). Spring Cloud while… twitter.com/i/web/status/1… 2022-03-30 11:21:42
Twitter @HaboubiAnis @SecuriTears CVE-2022-22963: A redirect vulnerability in versions < 4.2.4 of the fastify-static module allo… twitter.com/i/web/status/1… 2022-03-30 11:30:34
Twitter @SecuriTears @HaboubiAnis that is the description of CVE-2021-22963, not CVE-2022-22963 :p -> tanzu.vmware.com/security/cve-2… 2022-03-30 11:37:41
Twitter @joikulp Here we go again. RCE vulnerability found in Java framework called Spring Core. Tracked as CVE-2022-22963 and possi… twitter.com/i/web/status/1… 2022-03-30 12:01:06
Twitter @BojackTrojan @joikulp CVE-2022-22963 is a separate vulnerability in Spring Cloud. There is no detail on the one allegedly affect… twitter.com/i/web/status/1… 2022-03-30 12:06:12
Reddit /r/blueteamsec Spring RCE 2022-03-30 06:18:43
Reddit /r/HowToHack CVE-2022-22963 : A new zero-day vulnerability in the Spring Core Java framework called 'Spring4Shell' has been publicly disclosed, allowing unauthenticated remote code execution on applications. 2022-03-31 01:59:29
Reddit /r/hacking CVE-2022-22963 : A new zero-day vulnerability in the Spring Core Java framework called 'Spring4Shell' has been publicly disclosed, allowing unauthenticated remote code execution on applications. 2022-03-31 01:58:38
Reddit /r/cybersecurity Let's All Calm Down About Spring4Shell 2022-03-31 14:29:08
Reddit /r/netcve CVE-2022-22963 2022-04-01 23:38:35
Reddit /r/Splunk CVE-2022-22965 - Spring4Shell & CVE-2022-22963 exploitation 2022-04-03 23:31:46
Reddit /r/unifi_versions Statement Regarding Spring CVE-2022-22965, 2022-22950, and 2022-22963 001 2022-04-04 15:15:11
Reddit /r/HowToHack SpringShell attacks target about one in six vulnerable organisations. Moreover, system admins should also consider the CVE-2022-22963 and CVE-2022-22947 remote code execution flaws in the Spring Cloud Function and Spring Cloud Gateway. 2022-04-06 04:50:12
Reddit /r/tech SpringShell attacks target about one in six vulnerable organisations. Moreover, system admins should also consider the CVE-2022-22963 and CVE-2022-22947 remote code execution flaws in the Spring Cloud Function and Spring Cloud Gateway. 2022-04-06 04:25:58
Reddit /r/Hacking_Tutorials SpringShell attacks target about one in six vulnerable organisations. Moreover, system admins should also consider the CVE-2022-22963 and CVE-2022-22947 remote code execution flaws in the Spring Cloud Function and Spring Cloud Gateway. 2022-04-06 04:24:55
© CVE.report 2022