CVE-2022-22963
Published on: Not Yet Published
Last Modified on: 07/13/2023 11:15:00 PM UTC
Certain versions of Banking Branch from Oracle contain the following vulnerability:
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
- CVE-2022-22963 has been assigned by secu[email protected] to track the vulnerability; it is currently rated as CRITICAL severity.
CVSS3 Score: 9.8 - CRITICAL

| Attack Vector | Attack Complexity | Privileges Required | User Interaction |
|---|---|---|---|
| NETWORK | LOW | NONE | NONE |

| Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
|---|---|---|---|
| UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 7.5 - HIGH

| Access Vector | Access Complexity | Authentication |
|---|---|---|
| NETWORK | LOW | NONE |

| Confidentiality Impact | Integrity Impact | Availability Impact |
|---|---|---|
| PARTIAL | PARTIAL | PARTIAL |
CVE References

| Description | Link |
|---|---|
| CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression (Security, VMware Tanzu) | tanzu.vmware.com (text/html) |
| No Description Provided | tools.cisco.com (text/html) |
| Oracle Critical Patch Update Advisory - April 2022 | www.oracle.com (text/html) |
| Spring Cloud 3.2.2 Remote Command Execution (Packet Storm) | packetstormsecurity.com (text/html) |
| Security Advisory | psirt.global.sonicwall.com (text/html) |
| Oracle Critical Patch Update Advisory - July 2022 | www.oracle.com (text/html) |
Related QID Numbers
- 150494 Spring Cloud Function Remote Code Execution (RCE) Vulnerability (CVE-2022-22963)
- 376508 Spring Cloud Function Remote Code Execution (RCE) Vulnerability (Authenticated)
- 376520 Spring Cloud Function Remote Code Execution (RCE) Vulnerability Scan Utility
- 730417 Palo Alto Networks (PAN-OS) Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2010-1622 Bypass Vulnerability (PAN-191178)
- 730418 Spring Cloud Function Remote Code Execution (RCE) Vulnerability (Unauthenticated Check)
- 730421 Palo Alto Networks (PAN-OS) Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2022-22965 Vulnerability (PAN-191178)
- 730428 Palo Alto Networks (PAN-OS) Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2022-22965 Vulnerability (PAN-191178)
- 730431 Palo Alto Networks (PAN-OS) Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2022-22965 Vulnerability (PAN-191178)
- 984160 Java (maven) Security Update for org.springframework.cloud:spring-cloud-function-core (GHSA-6v73-fgf6-w5j7)
Known Affected Configurations (CPE V2.3)
- cpe:2.3:a:oracle:banking_branch:14.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_cash_management:14.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_electronic_data_exchange_for_corporates:14.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_liquidity_management:14.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_liquidity_management:14.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_origination:14.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_virtual_account_management:14.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:spring_cloud_function:*:*:*:*:*:*:*:*
No vendor comments have been submitted for this CVE
Social Mentions

| Title | Posted (UTC) |
|---|---|
| CVE-2022-22963 can achieve RCE on versions below 3.2.3, so why is it only described as a simple resource access vulnerability? https://t.co/pyFzLOfZcL | 2022-03-30 02:21:35 |
| Spring Cloud Function Spel RCE aka CVE-2022-22963 POC. payload spring.cloud.function.routing-expression:… twitter.com/i/web/status/1… | 2022-03-30 05:07:25 |
| Made an English version of the CVE-2022-22963 Spring Cloud Function SPEL github.com/dinosn/CVE-202… | 2022-03-30 05:07:59 |
| A rough nuclei template for RCE on Spring Cloud Function SPEL github.com/dinosn/CVE-202… | 2022-03-30 05:57:01 |
| github.com/dinosn/CVE-202… | 2022-03-30 06:34:40 |
| GitHub - dinosn/CVE-2022-22963: CVE-2022-22963 PoC - github.com/dinosn/CVE-202… | 2022-03-30 07:41:51 |
| Made an English version of the CVE-2022-22963 Spring Cloud Function SPEL github.com/dinosn/CVE-202… Dinosn | 2022-03-30 08:50:33 |
| A rough nuclei template for RCE on Spring Cloud Function SPEL github.com/dinosn/CVE-202… Dinosn | 2022-03-30 08:50:40 |
| RCE 0-day Vulnerability found in Spring Cloud (SPEL) CVE-2022-22963: Spring Expression Resource Access Vulnerabili… twitter.com/i/web/status/1… | 2022-03-30 08:54:07 |
| @sanqiushu1 this looks like CVE-2022-22963, not the alleged vuln called "SpringShell" with no CVE yet. | 2022-03-30 09:35:12 |
| @Gi7w0rm @S0ufi4n3 Some folks are pointing to "CVE-2022-22963", I'm not 100% sure. I think that is not what we're looking for. | 2022-03-30 09:40:16 |
| @GlennPegden no, that's CVE-2022-22963. | 2022-03-30 09:40:35 |
| Worse, some are mixing it up with CVE-2022-22963, a SPEL Expression Injection vulnerability in *Spring Cloud Functi… twitter.com/i/web/status/1… | 2022-03-30 09:42:57 |
| Another PoC for SPEL Expression Injection? Once again CVE-2022-22963, that does NOT impact Spring core: twitter.com/bytehx343/stat… | 2022-03-30 09:42:58 |
| @zyuiopShitpost @LunaSecIO @llkkaT Which bug?... Possible that PoC screenshot was for CVE-2022-22963 misattributed… twitter.com/i/web/status/1… | 2022-03-30 09:47:37 |
| @0xjomo CVE-2022-22963 isn't spring4shell? I know @LunaSecIO and others are talking about an unconnected possible… twitter.com/i/web/status/1… | 2022-03-30 09:53:53 |
| Ok, many people (including me) are conflating 2 different Java Spring related RCEs. CVE-2022-22963 an easily expl… twitter.com/i/web/status/1… | 2022-03-30 09:59:05 |
| The vuln CVE-2022-22963 has a tweet created 0 days ago and retweeted 35 times. twitter.com/bytehx343/stat… #pow1rtrtwwcve | 2022-03-30 10:06:00 |
| Spring Expression Resource Access Vulnerability CVE-2022-22963 Users of affected versions should upgrade to 3.1.7,… twitter.com/i/web/status/1… | 2022-03-30 10:19:51 |
| @vysecurity @domchell @80vul Note this bug is different from CVE-2022-22963 and if it is real, the world will burn… twitter.com/i/web/status/1… | 2022-03-30 10:34:20 |
| @beingsheerazali The template for CVE-2022-22963 is already merged here github.com/projectdiscove… | 2022-03-30 11:11:43 |
| @HaboubiAnis Careful, CVE-2022-22963 is not "SpringShell". CVE-2022-22963 = Spring Cloud Function SpringShell… twitter.com/i/web/status/1… | 2022-03-30 11:16:51 |
| "CVE-2022-22963: Spring Expression Resource Access Vulnerability in Spring Cloud Function" tanzu.vmware.com/security/cve-2… | 2022-03-30 11:17:29 |
| One more thing on this, this is NOT the same thing as CVE-2022-22963 (spring.io/blog/2022/03/2…). Spring Cloud while… twitter.com/i/web/status/1… | 2022-03-30 11:21:42 |
| @SecuriTears CVE-2022-22963: A redirect vulnerability in version < 4.2.4 of the fastify-static module allo… twitter.com/i/web/status/1… | 2022-03-30 11:30:34 |
| @HaboubiAnis that is the description of CVE-2021-22963, not CVE-2022-22963 :p -> tanzu.vmware.com/security/cve-2… | 2022-03-30 11:37:41 |
| Here we go again. RCE vulnerability found in Java framework called Spring Core. Tracked as CVE-2022-22963 and possi… twitter.com/i/web/status/1… | 2022-03-30 12:01:06 |
| @joikulp CVE-2022-22963 is a separate vulnerability in Spring Cloud. There is no detail on the one allegedly affect… twitter.com/i/web/status/1… | 2022-03-30 12:06:12 |
| Spring RCE | 2022-03-30 06:18:43 |
| CVE-2022-22963 : A new zero-day vulnerability in the Spring Core Java framework called 'Spring4Shell' has been publicly disclosed, allowing unauthenticated remote code execution on applications. | 2022-03-31 01:59:29 |
| CVE-2022-22963 : A new zero-day vulnerability in the Spring Core Java framework called 'Spring4Shell' has been publicly disclosed, allowing unauthenticated remote code execution on applications. | 2022-03-31 01:58:38 |
| Let's All Calm Down About Spring4Shell | 2022-03-31 14:29:08 |
| CVE-2022-22963 | 2022-04-01 23:38:35 |
| CVE-2022-22965 - Spring4Shell & CVE-2022-22963 exploitation | 2022-04-03 23:31:46 |
| Statement Regarding Spring CVE-2022-22965, 2022-22950, and 2022-22963 001 | 2022-04-04 15:15:11 |
| SpringShell attacks target about one in six vulnerable organisations. Moreover, system admins should also consider the CVE-2022-22963 and CVE-2022-22947 remote code execution flaws in the Spring Cloud Function and Spring Cloud Gateway. | 2022-04-06 04:50:12 |
| SpringShell attacks target about one in six vulnerable organisations. Moreover, system admins should also consider the CVE-2022-22963 and CVE-2022-22947 remote code execution flaws in the Spring Cloud Function and Spring Cloud Gateway. | 2022-04-06 04:25:58 |
| SpringShell attacks target about one in six vulnerable organisations. Moreover, system admins should also consider the CVE-2022-22963 and CVE-2022-22947 remote code execution flaws in the Spring Cloud Function and Spring Cloud Gateway. | 2022-04-06 04:24:55 |