CVE-2022-22947
Published on: Not Yet Published
Last Modified on: 07/24/2023 01:47:00 PM UTC
The vulnerability is in Spring Cloud Gateway (VMware). Oracle products such as Commerce Guided Search appear in the affected configurations below because they ship the vulnerable component:
In Spring Cloud Gateway versions prior to 3.1.1 and 3.0.7, applications are vulnerable to a code injection attack (SpEL expression injection through the Gateway Actuator API) when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote, unauthenticated attacker can send a maliciously crafted request that results in arbitrary remote code execution on the host running the gateway.
- CVE-2022-22947 was assigned by VMware (security@vmware.com) to track the vulnerability; it is currently rated CRITICAL severity.
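The condition in the description, "enabled, exposed and unsecured", can be tested without sending any payload. The following is an added example written for this page, not code from Spring, VMware, Oracle or any of the exploit repositories referenced below. It assumes the default Spring Boot actuator base path `/actuator` and only performs a read-only GET of the documented route-listing operation; the hostnames and responses in `SAMPLES` are constructed so the script runs offline.

```python
"""Read-only exposure check for the Spring Cloud Gateway actuator endpoint
abused by CVE-2022-22947. Added example for this page; it is not code from
Spring, VMware, Oracle or any exploit repository referenced on the page.
It sends no SpEL payload and creates no routes: it only asks whether the
route-listing endpoint answers without authentication."""
import json
from urllib.error import HTTPError, URLError
from urllib.request import Request, urlopen

# Assumption: the default Spring Boot actuator base path "/actuator".
# GET /actuator/gateway/routes is the documented read operation of the
# gateway actuator; the write operations live under the same prefix and
# are normally governed by the same path-based security rules.
ROUTES_PATH = "/actuator/gateway/routes"


def classify(status, body):
    """Turn one (status, body) pair into a finding string."""
    if status is None:
        return f"unreachable: {body}"
    if status == 200:
        try:
            routes = json.loads(body)
        except ValueError:
            return "unexpected: HTTP 200 without a JSON body"
        if isinstance(routes, list):
            return (f"EXPOSED: gateway actuator answers unauthenticated, "
                    f"{len(routes)} route(s) listed")
        return "unexpected: HTTP 200 but body is not a route list"
    if status in (401, 403):
        return "secured: endpoint exists but requires authentication"
    if status == 404:
        return "not exposed: endpoint disabled or not included in web exposure"
    return f"unknown: HTTP {status}"


def http_get(url, timeout=5):
    """Plain GET returning (status, body); HTTP errors are results, not exceptions."""
    req = Request(url, headers={"Accept": "application/json"})
    try:
        with urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")
    except URLError as err:
        return None, str(err.reason)


def assess(base_url, fetch=http_get):
    """Check one gateway. `fetch` is injectable so the logic runs offline in tests."""
    status, body = fetch(base_url.rstrip("/") + ROUTES_PATH)
    return classify(status, body)


# Constructed sample responses for an offline run (not captured from real hosts).
SAMPLES = {
    "http://gw-open.example:8080/actuator/gateway/routes":
        (200, '[{"route_id":"orders","uri":"http://orders:8080","order":0}]'),
    "http://gw-auth.example:8080/actuator/gateway/routes": (401, ""),
    "http://gw-off.example:8080/actuator/gateway/routes": (404, ""),
    "http://gw-down.example:8080/actuator/gateway/routes": (None, "connection refused"),
}


def fake_fetch(url):
    """Offline stand-in for http_get backed by SAMPLES."""
    return SAMPLES[url]


if __name__ == "__main__":
    for host in ("http://gw-open.example:8080", "http://gw-auth.example:8080",
                 "http://gw-off.example:8080", "http://gw-down.example:8080"):
        print(f"{host}: {assess(host, fetch=fake_fetch)}")
```

Against real hosts, call `assess(host)` with the default `fetch`. An EXPOSED result on a gateway older than 3.1.1 / 3.0.7 is exactly the condition the description names. A 401/403 does not mean the gateway is patched: the endpoint is still enabled, so authenticated users can still reach the vulnerable code path, and the version should be checked as well. The VMware advisory referenced below gives the remediation: upgrade, disable the endpoint with `management.endpoint.gateway.enabled: false` if it is not needed, or place the actuator behind authentication with Spring Security.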
CVSS3 Score: 10 - CRITICAL (vector AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | NONE |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
CHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 6.8 - MEDIUM (vector AV:N/AC:M/Au:N/C:P/I:P/A:P)

Access Vector | Access Complexity | Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
PARTIAL | PARTIAL | PARTIAL |
CVE References

Description | Link |
---|---|
Oracle Critical Patch Update Advisory - April 2022 | www.oracle.com (text/html) |
CVE-2022-22947: Spring Cloud Gateway Code Injection Vulnerability \| Security \| VMware Tanzu | tanzu.vmware.com (text/html) |
Spring Cloud Gateway 3.1.0 Remote Code Execution ≈ Packet Storm | packetstormsecurity.com (text/html) |
Oracle Critical Patch Update Advisory - July 2022 | www.oracle.com (text/html) |
Related QID Numbers
- 150562 Spring Cloud Gateway Remote Code Execution Vulnerability (CVE-2022-22947)
Exploit/POC from Github
Spring Cloud Gateway Actuator API SpEL expression injection command execution (CVE-2022-22947), injecting a Godzilla in-memory webshell
Known Affected Configurations (CPE V2.3)
- cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_cloud_native_core_console:22.2.0:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*:
- cpe:2.3:a:vmware:spring_cloud_gateway:*:*:*:*:*:*:*:*:
- cpe:2.3:a:vmware:spring_cloud_gateway:3.1.0:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions

Title | Posted (UTC) |
---|---|
Turns out it was an RCE the whole time (CVE-2022-22947)! tanzu.vmware.com/security/cve-2… Full details here:… twitter.com/i/web/status/1… | 2022-03-02 04:44:04 |
The vuln CVE-2022-22947 has a tweet created 0 days ago and retweeted 14 times. twitter.com/wdahlenb/statu… #pow1rtrtwwcve | 2022-03-02 12:06:00 |
code-scan starred Spring-Cloud-Gateway-CVE-2022-22947 ift.tt/rFbaqTE ift.tt/sK9XUWB | 2022-03-02 12:59:52 |
#CVE-2022-22947 Spring Cloud Gateway SpEL Remote Code Execution wya.pl/2022/02/26/cve… https://t.co/HU6C81FRS9 | 2022-03-02 16:11:05 |
#Vulhub Spring Cloud Gateway SpEL expression injection && RCE (CVE-2022-22947) How to gain commands output from tar… twitter.com/i/web/status/1… | 2022-03-02 20:08:13 |
14 new OPEN, 20 new PRO (14 + 6). Cobalt Strike, CVE-2022-23131, Kimsuky, Gamaredon, Various Phish, CVE-2022-22947,… twitter.com/i/web/status/1… | 2022-03-03 00:10:00 |
@shimizukawasak @pyn3rd Haha, there is a two-step-request echo version on GitHub. raw.githubusercontent.com/lucksec/Spring… | 2022-03-03 01:13:02 |
@shimizukawasak @pyn3rd github.com/vulhub/vulhub/… | 2022-03-03 02:03:15 |
The vuln CVE-2022-22947 has a tweet created 0 days ago and retweeted 11 times. twitter.com/phithon_xg/sta… #pow1rtrtwwcve | 2022-03-03 04:06:00 |
[CVE-2022-22947] Seem that we reported later than the author of CVE just 1 day. T,T @rskvp93 https://t.co/1B9IdEvExB | 2022-03-03 06:46:24 |
CVE-2022-22947 SpringCloud GateWay SPEL RCE Echo Response y4er.com/post/cve-2022-… | 2022-03-03 07:42:00 |
CVE-2022-22947 SpringCloud GateWay SPEL RCE Echo Response ift.tt/QyEVWUt ift.tt/Y648Vm9 | 2022-03-03 07:53:34 |
CVE-2022-22947 SpringCloud GateWay SPEL RCE Echo Response ift.tt/pABDPoU ift.tt/TDzEkCP | 2022-03-03 09:01:14 |
CVE-2022-22947 Spring Cloud Gateway Actuator API SpEL Code Injection wya.pl/2022/02/26/cve… github.com/vulhub/vulhub/… https://t.co/K0CPI1y5Em | 2022-03-03 09:23:00 |
CVE-2022-22947: Spring Cloud Gateway Remote Code Execution PoC wya.pl/2022/02/26/cve… https://t.co/stZ2kcsYCv | 2022-03-03 10:05:41 |
#cycatz #bugbounty #bugbountytips CVE-2022-22947 Spring Cloud Gateway Server #RCE #spring #Java More..… twitter.com/i/web/status/1… | 2022-03-03 10:56:04 |
VMware Tanzu Spring Cloud Gateway code execution \| CVE-2022-22947 - redpacketsecurity.com/vmware-tanzu-s… | 2022-03-03 11:02:57 |
CVE-2022-22947: SpEL Casting and Evil Beans dx.zone/?read=https%3A… #cve | 2022-03-03 13:16:15 |
Top 3 trending CVEs on Twitter Past 24 hrs: CVE-2022-22947: 403.2K (audience size) CVE-2022-0235: 149.7K CVE-2022-… twitter.com/i/web/status/1… | 2022-03-03 14:00:02 |
The vuln CVE-2022-22947 has a tweet created 0 days ago and retweeted 17 times. twitter.com/Y4er_ChaBug/st… #pow1rtrtwwcve | 2022-03-03 14:06:00 |
CVE-2022-22947 har-sia.info/CVE-2022-22947… #HarsiaInfo | 2022-03-03 15:00:10 |
CVE-2022-22947 Space bypass, Use "/bin/bash","-c","cat /etc/passwd" #rce https://t.co/fm6CorBQeT | 2022-03-03 15:39:31 |
CVE-2022-22947: SpEL Casting and Evil Beans – Wya.pl wya.pl/2022/02/26/cve… < Spring Cloud Gatewa… twitter.com/i/web/status/1… | 2022-03-03 15:50:04 |
CVE-2022-22947 spring cloud code injection @InfoSecComm @pdnuclei gist.githubusercontent.com/0x240x23elu/29… | 2022-03-03 17:51:31 |
@phithon_xg gist.githubusercontent.com/0x240x23elu/29… | 2022-03-03 17:56:42 |
The vuln CVE-2022-22947 has a tweet created 0 days ago and retweeted 11 times. twitter.com/cycatz2/status… #pow1rtrtwwcve | 2022-03-03 18:06:00 |
Spring Cloud Gateway CVE-2022-22947 Poc github.com/lucksec/Spring… | 2022-03-03 18:47:25 |
Spring Cloud Gateway CVE-2022-22947 Poc github.com/lucksec/Spring… Dinosn | 2022-03-03 19:31:36 |
CVE-2022-22947 : In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a cod… twitter.com/i/web/status/1… | 2022-03-03 22:06:59 |
CVE-2022-22947: Spel Casting and Evil Beans wya.pl/2022/02/26/cve… #Pentesting #CVE #SpringBoot #WebSecurity… twitter.com/i/web/status/1… | 2022-03-03 22:45:54 |
Potentially Critical CVE Detected! CVE-2022-22947 In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , app… twitter.com/i/web/status/1… | 2022-03-03 22:56:02 |
Spring - CVE-2022-22947: tanzu.vmware.com/security/cve-2… | 2022-03-04 00:00:21 |
CVE-2022-22947 | 2022-03-03 22:38:44 |
Spring Cloud Gateway Actuator API SpEL Code Injection (CVE-2022-22947) | 2022-03-30 07:18:31 |
SpringShell attacks target about one in six vulnerable organisations. Moreover, system admins should also consider the CVE-2022-22963 and CVE-2022-22947 remote code execution flaws in the Spring Cloud Function and Spring Cloud Gateway. | 2022-04-06 04:50:12 |