CVE-2022-22946
Summary
| CVE | CVE-2022-22946 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-03-04 16:15:00 UTC |
| Updated | 2023-02-22 17:46:00 UTC |
| Description | In Spring Cloud Gateway versions prior to 3.1.1+, applications that are configured to enable HTTP2 and have no key store or trusted certificates set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates. |
Risk And Classification
Problem Types: CWE-295
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Oracle | Commerce Guided Search | 11.3.2 | All | All | All |
| Application | Oracle | Communications Cloud Native Core Binding Support Function | 22.1.3 | All | All | All |
| Application | Oracle | Communications Cloud Native Core Console | 22.2.0 | All | All | All |
| Application | Oracle | Communications Cloud Native Core Network Repository Function | 22.1.2 | All | All | All |
| Application | Oracle | Communications Cloud Native Core Network Repository Function | 22.2.0 | All | All | All |
| Application | Oracle | Communications Cloud Native Core Security Edge Protection Proxy | 22.1.1 | All | All | All |
| Application | VMware | Spring Cloud Gateway | 3.1.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2022-22946: Spring Cloud Gateway HTTP2 Insecure TrustManager \| Security \| VMware Tanzu | MISC | tanzu.vmware.com | |
| Oracle Critical Patch Update Advisory - July 2022 | N/A | www.oracle.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.