CVE-2022-22965

Published on: Not Yet Published

Last Modified on: 02/09/2023 02:07:00 AM UTC

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Certain versions of Cx Cloud Agent from Cisco contain the following vulnerability:

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

  • CVE-2022-22965 has been assigned by secu[email protected] to track the vulnerability - currently rated as CRITICAL severity.

CVSS3 Score: 9.8 - CRITICAL

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS2 Score: 7.5 - HIGH

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

CVE References

  • MISC: tanzu.vmware.com/security/cve-2022-22965 (CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+ | Security | VMware Tanzu)
  • MISC: packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html (Spring4Shell Code Execution ≈ Packet Storm)
  • MISC: www.oracle.com/security-alerts/cpuapr2022.html (Oracle Critical Patch Update Advisory - April 2022)
  • CONFIRM: cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf (PDF)
  • CISCO: 20220401 Vulnerability in Spring Framework Affecting Cisco Products: March 2022 (tools.cisco.com; No Description Provided)
  • MISC: packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html (Spring4Shell Spring Framework Class Property Remote Code Execution ≈ Packet Storm)
  • CONFIRM: psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005 (Security Advisory)
  • MISC: www.oracle.com/security-alerts/cpujul2022.html (Oracle Critical Patch Update Advisory - July 2022)

Related QID Numbers

  • 150494 Spring Core Remote Code Execution (RCE) Vulnerability (Spring4Shell)
  • 150495 Spring Core Remote Code Execution (RCE) Vulnerability CVE-2022-22965 (Spring4Shell)
  • 356282 Amazon Linux Security Advisory for tomcat : ALASTOMCAT9-2023-004
  • 356303 Amazon Linux Security Advisory for tomcat : ALASTOMCAT8.5-2023-005
  • 376506 Spring Framework Remote Code Execution (RCE) Vulnerability (Spring4Shell)
  • 376514 Spring Framework Remote Code Execution (RCE) Vulnerability (Spring4Shell) Scan Utility
  • 591277 Siemens SINEC NMS Remote Code Execution (RCE) Vulnerability (SSA-254054)
  • 730416 Spring Core Remote Code Execution (RCE) Vulnerability (Spring4Shell) (Unauthenticated Check)
  • 730482 Atlassian Jira Spring Framework Remote Code Execution (RCE) Vulnerability (JRASERVER-73773)
  • 730516 Atlassian Confluence Server and Confluence Data Center Remote Code Execution (RCE) Vulnerability (CONFSERVER-78586)
  • 87490 Cisco Data Center Network Manager Spring4Shell Vulnerability (CSCwb43637)
  • 984158 Java (maven) Security Update for org.springframework.boot:spring-boot-starter-webflux (GHSA-36p3-wjmg-h94x)

Exploit/POC from Github

spring4shell | CVE-2022-22965

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | Cisco | Cx Cloud Agent | All | All | All | All
Application | Oracle | Commerce Platform | 11.3.2 | All | All | All
Application | Oracle | Communications Cloud Native Core Automated Test Suite | 1.9.0 | All | All | All
Application | Oracle | Communications Cloud Native Core Automated Test Suite | 22.1.0 | All | All | All
Application | Oracle | Communications Cloud Native Core Binding Support Function | 22.1.3 | All | All | All
Application | Oracle | Communications Cloud Native Core Console | 1.9.0 | All | All | All
Application | Oracle | Communications Cloud Native Core Console | 22.1.0 | All | All | All
Application | Oracle | Communications Cloud Native Core Network Exposure Function | 22.1.0 | All | All | All
Application | Oracle | Communications Cloud Native Core Network Function Cloud Native Environment | 1.10.0 | All | All | All
Application | Oracle | Communications Cloud Native Core Network Function Cloud Native Environment | 22.1.0 | All | All | All
Application | Oracle | Communications Cloud Native Core Network Repository Function | 1.15.0 | All | All | All
Application | Oracle | Communications Cloud Native Core Network Repository Function | 22.1.0 | All | All | All
Application | Oracle | Communications Cloud Native Core Network Slice Selection Function | 1.15.0 | All | All | All
Application | Oracle | Communications Cloud Native Core Network Slice Selection Function | 1.8.0 | All | All | All
Application | Oracle | Communications Cloud Native Core Network Slice Selection Function | 22.1.0 | All | All | All
Application | Oracle | Communications Cloud Native Core Policy | 1.15.0 | All | All | All
Application | Oracle | Communications Cloud Native Core Policy | 22.1.0 | All | All | All
Application | Oracle | Communications Cloud Native Core Security Edge Protection Proxy | 1.7.0 | All | All | All
Application | Oracle | Communications Cloud Native Core Security Edge Protection Proxy | 22.1.0 | All | All | All
Application | Oracle | Communications Cloud Native Core Unified Data Repository | 1.15.0 | All | All | All
Application | Oracle | Communications Cloud Native Core Unified Data Repository | 22.1.0 | All | All | All
Application | Oracle | Communications Policy Management | 12.6.0.0.0 | All | All | All
Application | Oracle | Communications Unified Inventory Management | 7.4.1 | All | All | All
Application | Oracle | Communications Unified Inventory Management | 7.4.2 | All | All | All
Application | Oracle | Communications Unified Inventory Management | 7.5.0 | All | All | All
Application | Oracle | Financial Services Analytical Applications Infrastructure | 8.1.1 | All | All | All
Application | Oracle | Financial Services Analytical Applications Infrastructure | 8.1.2.0 | All | All | All
Application | Oracle | Financial Services Behavior Detection Platform | 8.1.1.0 | All | All | All
Application | Oracle | Financial Services Behavior Detection Platform | 8.1.1.1 | All | All | All
Application | Oracle | Financial Services Behavior Detection Platform | 8.1.2.0 | All | All | All
Application | Oracle | Financial Services Enterprise Case Management | 8.1.1.0 | All | All | All
Application | Oracle | Financial Services Enterprise Case Management | 8.1.1.1 | All | All | All
Application | Oracle | Financial Services Enterprise Case Management | 8.1.2.0 | All | All | All
Application | Oracle | Mysql Enterprise Monitor | All | All | All | All
Application | Oracle | Product Lifecycle Analytics | 3.6.1 | All | All | All
Application | Oracle | Retail Bulk Data Integration | 16.0.3 | All | All | All
Application | Oracle | Retail Customer Management And Segmentation Foundation | 17.0 | All | All | All
Application | Oracle | Retail Customer Management And Segmentation Foundation | 18.0 | All | All | All
Application | Oracle | Retail Customer Management And Segmentation Foundation | 19.0 | All | All | All
Application | Oracle | Retail Financial Integration | 14.1.3.2 | All | All | All
Application | Oracle | Retail Financial Integration | 15.0.3.1 | All | All | All
Application | Oracle | Retail Financial Integration | 16.0.3 | All | All | All
Application | Oracle | Retail Financial Integration | 19.0.1 | All | All | All
Application | Oracle | Retail Integration Bus | 14.1.3.2 | All | All | All
Application | Oracle | Retail Integration Bus | 15.0.3.1 | All | All | All
Application | Oracle | Retail Integration Bus | 16.0.3 | All | All | All
Application | Oracle | Retail Integration Bus | 19.0.1 | All | All | All
Application | Oracle | Retail Merchandising System | 16.0.3 | All | All | All
Application | Oracle | Retail Merchandising System | 19.0.1 | All | All | All
Application | Oracle | Retail Xstore Point Of Service | 20.0.1 | All | All | All
Application | Oracle | Retail Xstore Point Of Service | 21.0.0 | All | All | All
Application | Oracle | Sd-wan Edge | 9.0 | All | All | All
Application | Oracle | Sd-wan Edge | 9.1 | All | All | All
Application | Oracle | Weblogic Server | 12.2.1.3.0 | All | All | All
Application | Oracle | Weblogic Server | 12.2.1.4.0 | All | All | All
Application | Oracle | Weblogic Server | 14.1.1.0.0 | All | All | All
Application | Siemens | Operation Scheduler | All | All | All | All
Application | Siemens | Simatic Speech Assistant For Machines | All | All | All | All
Application | Siemens | Sinec Network Management System | All | All | All | All
Application | Siemens | Sipass Integrated | 2.80 | All | All | All
Application | Siemens | Sipass Integrated | 2.85 | All | All | All
Application | Siemens | Siveillance Identity | 1.5 | All | All | All
Application | Siemens | Siveillance Identity | 1.6 | All | All | All
Application | Veritas | Access Appliance | 7.4.3 | All | All | All
Application | Veritas | Access Appliance | 7.4.3.100 | All | All | All
Application | Veritas | Access Appliance | 7.4.3.200 | All | All | All
Application | Veritas | Flex Appliance | 1.3 | All | All | All
Application | Veritas | Flex Appliance | 2.0 | All | All | All
Application | Veritas | Flex Appliance | 2.0.1 | All | All | All
Application | Veritas | Flex Appliance | 2.0.2 | All | All | All
Application | Veritas | Flex Appliance | 2.1 | All | All | All
Hardware Device Info | Veritas | Netbackup Appliance | 4.0 | All | All | All
Hardware Device Info | Veritas | Netbackup Appliance | 4.0.0.1 | maintenance_release1 | All | All
Hardware Device Info | Veritas | Netbackup Appliance | 4.0.0.1 | maintenance_release2 | All | All
Hardware Device Info | Veritas | Netbackup Appliance | 4.0.0.1 | maintenance_release3 | All | All
Hardware Device Info | Veritas | Netbackup Appliance | 4.1 | All | All | All
Hardware Device Info | Veritas | Netbackup Appliance | 4.1.0.1 | maintenance_release1 | All | All
Hardware Device Info | Veritas | Netbackup Appliance | 4.1.0.1 | maintenance_release2 | All | All
Application | Veritas | Netbackup Flex Scale Appliance | 2.1 | All | All | All
Application | Veritas | Netbackup Flex Scale Appliance | 3.0 | All | All | All
Hardware Device Info | Veritas | Netbackup Virtual Appliance | 4.0 | All | All | All
Hardware Device Info | Veritas | Netbackup Virtual Appliance | 4.0.0.1 | maintenance_release1 | All | All
Hardware Device Info | Veritas | Netbackup Virtual Appliance | 4.0.0.1 | maintenance_release2 | All | All
Hardware Device Info | Veritas | Netbackup Virtual Appliance | 4.0.0.1 | maintenance_release3 | All | All
Hardware Device Info | Veritas | Netbackup Virtual Appliance | 4.1 | All | All | All
Hardware Device Info | Veritas | Netbackup Virtual Appliance | 4.1.0.1 | maintenance_release1 | All | All
Hardware Device Info | Veritas | Netbackup Virtual Appliance | 4.1.0.1 | maintenance_release2 | All | All
Application | Vmware | Spring Framework | All | All | All | All

Social Mentions

Source | Title | Posted (UTC)
Twitter @KillKitt3n | @Sh0ckFR spring.io/blog/2022/ ? "his blog is intended to be the central source of truth for CVE-2022-22965 also… twitter.com/i/web/status/1… | 2022-03-31 12:26:11
Twitter @Sh0ckFR | @KillKitt3n CVE-2022-22965 can be named SpringShell (the Spring Cloud vulnerability) but not the other one, like sp… twitter.com/i/web/status/1… | 2022-03-31 12:33:03
Twitter @seolsson | Spring4shell/springshell now has a CVE: tanzu.vmware.com/security/cve-2… CVE-2022-22965 | 2022-03-31 13:07:17
Twitter @inayuta | It seems CVE-2022-22965 has been published for what is apparently being called spring4shell... #spring4shell | 2022-03-31 13:12:03
Twitter @IsmaelSaadi | @wdormann CVE ID CVE-2022-22965 Spring Framework | 2022-03-31 13:12:13
Twitter @RandoriAttack | CVE-2022-22965 has been assigned to the #SpringShell vulnerability. Spring framework 5.3.18 and 5.2.20 have been re… twitter.com/i/web/status/1… | 2022-03-31 13:12:41
Twitter @SecuriTears | SpringShell/Spring4Shell CVE id is : CVE-2022-22965 tanzu.vmware.com/security/cve-2… | 2022-03-31 13:13:48
Twitter @koma_koma_d | It looks like CVE-2022-22965 has been issued for Spring4Shell (the Core one, not Cloud Function). | 2022-03-31 13:15:37
Twitter @seolsson | I wrote a bit on the Truesec blog earlier regarding Log4Shell/CVE-2022-22965. The tldr; right now is "patch your sp… twitter.com/i/web/status/1… | 2022-03-31 13:17:18
Twitter @ozuma5119 | So-called "Spring4Shell" or "SpringShell" is assigned CVE-2022-22965. #Java spring.io/blog/2022/03/3… Spring Framew… twitter.com/i/web/status/1… | 2022-03-31 13:18:52
Twitter @ephemerum | CVE-2022-22965 Let's just give up on web services already | 2022-03-31 13:19:49
Twitter @AhliSC2 | @bjschrijver @royvanrijn It's now called CVE-2022-22965 tanzu.vmware.com/security/cve-2… (from Spring's blog which they keep updating) | 2022-03-31 13:21:08
Twitter @ephemerum | It's dead tanzu.vmware.com/security/cve-2… | 2022-03-31 13:21:10
Twitter @AmitaiCo | @GossiTheDog Spring just updated the post - CVE-2022-22965 | 2022-03-31 13:21:38
Twitter @kellenmurphy | #Spring4Shell / #SpringShell has been assigned CVE-2022-22965. tanzu.vmware.com/security/cve-2… | 2022-03-31 13:22:26
Twitter @wakatono | It seems CVE-2022-22965 has been assigned. The web page is hard to reach… tanzu.vmware.com/security/cve-2… twitter.com/wakatono/statu… | 2022-03-31 13:23:32
Twitter @p_badcock | VMware has got to be dealing with a massive ddos from people trying to load the cve-2022-22965 page | 2022-03-31 13:25:48
Twitter @hmier | #spring4shell confirmed as CVE-2022-22965 Is very confusing because there are 2 issues getting mentioned together… twitter.com/i/web/status/1… | 2022-03-31 13:29:27
Twitter @p_badcock | For anyone trying to load tanzu.vmware.com/security/cve-2… here's some screenshots. #springshell #spring4shell #cve… twitter.com/i/web/status/1… | 2022-03-31 13:30:01
Twitter @DFNCERT | @LunaSecIO #Spring4Shell is now called CVE-2022-22965 spring.io/blog/2022/03/3… | 2022-03-31 13:30:49
Twitter @Kengo_TODA | Here is the official announcement! tanzu.vmware.com/security/cve-2… | 2022-03-31 13:32:53
Twitter @nluedtke1 | "Spring4Shell", now has a CVE (CVE-2022-22965) according to spring.io/blog/2022/03/3…, looks like the advisory page is timing out though | 2022-03-31 13:35:40
Twitter @JFrogSecurity | Finally! #SpringShell assigned to CVE-2022-22965 | 2022-03-31 13:38:29
Twitter @nluedtke1 | tanzu.vmware.com/security/cve-2… works now. | 2022-03-31 13:39:14
Twitter @DFNCERT | Patches for CVE-2022-22965 are already available in versions 5.3.18 and 5.2.20 of Spring Framework.… twitter.com/i/web/status/1… | 2022-03-31 13:40:23
Twitter @snicoll | Spring Boot 2.5.12 has been released. This release contains a fix for CVE-2022-22965, check the release announceme… twitter.com/i/web/status/1… | 2022-03-31 13:41:01
Twitter @matsumana | CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+ tanzu.vmware.com/security/cve-2… | 2022-03-31 13:44:27
Twitter @Ax_Sharma | @llkkaT CVE assigned to SpringShell—CVE-2022-22965 h/t @hans_dam To summarize: ✅ #SpringShell RCE zero-day = CVE-2… twitter.com/i/web/status/1… | 2022-03-31 13:46:45
Twitter @jschauma | @springframework And we finally have a CVE: CVE-2022-22965 tanzu.vmware.com/security/cve-2… | 2022-03-31 13:49:50
Twitter @wdormann | I've published a note, now that we have the official CVE-2022-22965 designation for #SpringShell / #Spring4Shell N… twitter.com/i/web/status/1… | 2022-03-31 13:54:49
Twitter @pupurucom | @hirurin CVE-2022-22965 has been assigned to this vulnerability. It's true. Latest | 2022-03-31 14:28:19
Twitter @SettiDavide89 | CVE-2022-22965 in #Springframework lnkd.in/drPaR6g4 lnkd.in/dPiMTqR5 | 2022-03-31 14:29:06
Twitter @vulmoncom | Spring Framework unauthenticated remote code execution (RCE) via data binding: CVE-2022-22965 aka Spring4Shell or S… twitter.com/i/web/status/1… | 2022-03-31 14:29:37
Twitter @codylerum | @JFrogSecurity Any statement on CVE-2022-22965 yet? Specifically with regards to Artifactory. | 2022-03-31 14:41:12
Twitter @snicoll | Spring Boot 2.6.6 has been released. This release contains a fix for CVE-2022-22965, check the release announcemen… twitter.com/i/web/status/1… | 2022-03-31 14:41:24
Twitter @kuwaccho0711 | @xuK9fotVZBfcmXx CVE-2022-22965? | 2022-03-31 14:43:14
Twitter @berlenskyy | Spring Boot 2.6.6 has been released. This release contains a fix for CVE-2022-22965, check the announcement of the v… twitter.com/i/web/status/1… | 2022-03-31 14:43:51
Twitter @aksh1618 | @springframework CVE: tanzu.vmware.com/security/cve-2… | 2022-03-31 14:52:00
Twitter @LindseyOD123 | Spring Framework 5.3.18 and 5.2.20 have been released to address the bug (CVE-2022-22965). twitter.com/DennisF/status… | 2022-03-31 14:54:09
Twitter @AArabojr | Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965) rapid7.com/blog/post/2022… #zeroday… twitter.com/i/web/status/1… | 2022-03-31 14:56:29
Twitter @Har_sia | CVE-2022-22965 har-sia.info/CVE-2022-22965… #HarsiaInfo | 2022-03-31 15:01:59
Twitter @AndyMicone | It also has a CVE-2022-22965 tanzu.vmware.com/security/cve-2… | 2022-03-31 15:07:32
Twitter @snyksec | A fixed version for CVE-2022-22965 (#Spring4Shell) has been issued. At this time, we recommend upgrading to spr… twitter.com/i/web/status/1… | 2022-03-31 15:09:11
Twitter @taltalon | @IdoNaor1 @cyb3rops Not fake at all. Seriously working. tanzu.vmware.com/security/cve-2… | 2022-03-31 15:11:57
Twitter @AquaSecTeam | A critical zero-day vulnerability CVE-2022-22965 has been discovered in Spring, a popular open source framework wid… twitter.com/i/web/status/1… | 2022-03-31 15:20:05
Twitter @lippard | Looks like we now have a CVE for Spring4Shell (Core), CVE-2022-22965: rapid7.com/blog/post/2022… | 2022-03-31 15:22:43
Twitter @rudderio | Rudder is not impacted by the #Spring4Shell #Springframework vulnerability (CVE-2022-22965) as we do not use Tomcat… twitter.com/i/web/status/1… | 2022-03-31 15:26:07
Twitter @jgrumboe | @derkoe Already fixes out there, mentioned in the CVEs: tanzu.vmware.com/security/cve-2… and tanzu.vmware.com/security/cve-2… | 2022-03-31 15:27:55
Twitter @sigeharucom | Maven Repository: org.springframework.boot » spring-boot-starter-web mvnrepository.com/artifact/org.s… The fix for CVE-2022-22965 has been included… twitter.com/i/web/status/1… | 2022-03-31 15:28:10
Twitter @the_yellow_fall | CVE-2022-22965: Spring framework 0-day remote code execution vulnerability alert securityonline.info/cve-2022-22965… twitter.com/i/web/status/1… | 2022-03-31 15:33:43
Twitter @AcooEdi | CVE-2022-22965: Spring framework 0-day remote code execution vulnerability alert dlvr.it/SMk5Lc via securi… twitter.com/i/web/status/1… | 2022-03-31 15:37:33
Twitter @lippard | VMware's coverage: tanzu.vmware.com/security/cve-2… | 2022-03-31 15:41:33
Twitter @netsecu | sysdig.com/blog/cve-2022-… Critical Vulnerability in Spring Core: CVE-2022-22965 a.k.a. Spring4Shell #cybersecurity | 2022-03-31 15:50:03
Twitter @_r_netsec | Critical Vulnerability in Spring Core: CVE-2022-22965 a.k.a. Spring4Shell sysdig.com/blog/cve-2022-… | 2022-03-31 15:58:07
Twitter @beingsheerazali | Critical Vulnerability in Spring Core: CVE-2022-22965 a.k.a. Spring4Shell sysdig.com/blog/cve-2022-… _r_netsec | 2022-03-31 16:15:44
Twitter @alandross | @amysw_sec This article tanguy.vmware.com/security/cve-2… gives details and mitigation actions | 2022-03-31 16:19:29
Twitter @MCNCSecurity | Updated Security Alert!! @mcnc would like to make you aware of SpringShell, Spring4Shell, CVE-2022-22965, many name… twitter.com/i/web/status/1… | 2022-03-31 16:20:01
Twitter @alertlogic | UPDATE: @alertlogic Knowledge Base Article for CVE-2022-22965 – dubbed #Spring4Shell and #SpringShell – is now avai… twitter.com/i/web/status/1… | 2022-03-31 16:26:07
Twitter @guidovbrakel | @msftsecresponse @msftsecurity @MsftSecIntel Anyone rules for this in #microsoft #sentinel : tanzu.vmware.com/security/cve-2… | 2022-03-31 16:29:26
Twitter @Myinfosecfeed | New post: "Critical Vulnerability in Spring Core: CVE-2022-22965 a.k.a. Spring4Shell" ift.tt/0n7ZRc8 | 2022-03-31 16:29:36
Twitter @ScalingoHQ | #Security Bulletin: CVE-2022-22965 Critical Security Issue impacting Spring based application (CVSS 9.8). Scalingo… twitter.com/i/web/status/1… | 2022-03-31 16:31:18
Twitter @jschauma | Just added initial checking for SpringShell CVE-2022-22965 to this tool. Still needs more work, but may be useful t… twitter.com/i/web/status/1… | 2022-03-31 16:39:19
Twitter @jimandwhatnot | Spring4Shell is scary and will cause a lot of fire-drill development: tanzu.vmware.com/security/cve-2… | 2022-03-31 16:39:38
Twitter @CybrXx0 | Critical Vulnerability in Spring Core: CVE-2022-22965 a.k.a. Spring4Shell via /r/netsec ift.tt/FvHszNf #cybersecurity #netsec #news | 2022-03-31 16:41:15
Reddit /r/blueteamsec | Spring Core RCE on JDK9+ - No CVE | 2022-03-31 07:24:36
Reddit /r/vulnintel | Spring Framework unauthenticated remote code execution (RCE) via data binding: CVE-2022-22965 aka Spring4Shell or SpringShell | 2022-03-31 14:29:38
Reddit /r/netsec | Critical Vulnerability in Spring Core: CVE-2022-22965 a.k.a. Spring4Shell | 2022-03-31 15:43:00
Reddit /r/crowdstrike | 2022-03-31 \\ SITUATIONAL AWARENESS \\ Spring4Shell (CVE-2022-22965) Vulnerability Details | 2022-03-31 18:20:34
Reddit /r/Sysadmin_Fr | Spring4Shell CVE-2022-22965: how to neutralize this vulnerability? | 2022-03-31 19:27:39
Reddit /r/france | Spring4Shell CVE-2022-22965: how to neutralize this vulnerability? | 2022-03-31 19:26:53
Reddit /r/java | Spring Boot RCE CVE-2022-22965: can anybody explain why .war packages are affected but .jar (default) are not? | 2022-03-31 18:58:04
Reddit /r/cybersecurity | Top cybersecurity stories for the week of 03-28-22 to 04-01-22 | 2022-04-01 14:32:47
Reddit /r/netcve | CVE-2022-22965 | 2022-04-01 23:38:35
Reddit /r/opennms | OpenNMS + SpringShell CVE-2022-22965 | 2022-04-02 03:39:14
Reddit /r/programming | CVE-2022-22965 – 0day RCE in Spring Framework Analysis | 2022-04-02 08:16:39
Reddit /r/Splunk | CVE-2022-22965 - Spring4Shell & CVE-2022-22963 exploitation | 2022-04-03 23:31:46
Reddit /r/programming | CVE-2022-22965 (SpringShell): RCE Vulnerability Analysis and Mitigations | 2022-04-04 09:39:08
Reddit /r/UNIFI | Unifi and CVE 2022-22965 - Spring4Shell - RCE | 2022-04-04 09:26:27
Reddit /r/kace | Does anyone know if K2000 is affected with Spring4Shell vulnerability (CVE-2022-22965) | 2022-04-04 14:13:04
Reddit /r/UNIFI | Statement Regarding Spring CVE-2022-22965, 2022-22950, and 2022-22963 001 | 2022-04-04 15:15:14
Reddit /r/Ubiquiti | Statement Regarding Spring CVE-2022-22965, 2022-22950, and 2022-22963 001 | 2022-04-04 15:15:13
Reddit /r/unifi_versions | Statement Regarding Spring CVE-2022-22965, 2022-22950, and 2022-22963 001 | 2022-04-04 15:15:11
Reddit /r/VMwareHorizon | Trying to find info on CVE-2022-22965 and UAGs | 2022-04-04 15:08:30
Reddit /r/blueteamsec | VMware Response to Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965) - Tanzu and TKGI vulnerable | 2022-04-05 02:28:22
Reddit /r/programming | SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965 - Microsoft Security Blog | 2022-04-05 18:34:26
Reddit /r/SpringBoot | Fixing CVE-2022-22965 on an old spring app | 2022-04-06 09:03:53
Reddit /r/TDArchive | CVE-2022-22965: VMware Response to Spring Framework Remote Code Execution Vulnerability | 2022-04-06 14:40:32
Reddit /r/SysAdminBlogs | CVE-2022-22965: VMware Response to Spring Framework Remote Code Execution Vulnerability | 2022-04-06 14:40:09
Reddit /r/TechGA | CVE-2022-22965: VMware Response to Spring Framework Remote Code Execution Vulnerability | 2022-04-06 14:39:48
Reddit /r/netsec | Spring Framework RCE (CVE-2022-22965) Nmap (NSE) Checker (Non-Intrusive) | 2022-04-07 01:41:03
Reddit /r/kaseya | Kaseya products and CVE 2022-22965 - Spring4Shell | 2022-04-07 08:41:23
Reddit /r/programming | Microsoft’s Response to CVE-2022-22965 Spring Framework | 2022-04-07 16:55:04
Reddit /r/blueteamsec | CVE-2022-22965: Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware | 2022-04-09 19:36:45
Reddit /r/SecOpsDaily | CVE-2022-22965 Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware | 2022-04-10 05:16:52
Reddit /r/Fuzor | Fuzor Spring framework vulnerability ? | 2022-04-11 05:22:51
Reddit /r/blueteamsec | CVE-2022-22965 Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware | 2022-04-11 14:37:33
Reddit /r/cyber1sec14all | Thousands of computers in Singapore were infected by Mirai malware | 2022-04-12 19:11:58
Reddit /r/programming | Detecting Spring4Shell (CVE-2022-22965) with Wazuh · Wazuh · The Open Source Security Platform | 2022-04-16 01:58:41
Reddit /r/vmware | Vmware Spring: CVE-2022-22965: Spring Framework RCE via Data Binding | 2022-04-19 17:58:55
Reddit /r/blueteamsec | Spring4Shell Vulnerability CVE-2022-22965 Exploited to Deploy Cryptocurrency Miners | 2022-04-21 12:53:15
Reddit /r/CryptoToFuture | Spring4Shell Vulnerability CVE-2022-22965 Exploited to Deploy Cryptocurrency Miners | 2022-04-21 22:18:02
Reddit /r/CryptoToFuture | Analyzing Attempts to Exploit the Spring4Shell Vulnerability CVE-2022-22965 to Deploy Cryptocurrency Miners | 2022-04-21 22:15:59
Reddit /r/immersivelabs | Spring4Shell Offensive | 2022-04-25 08:20:32
Reddit /r/programmingHungary | New week, new podcast episodes: news, data breaches, business as usual | 2022-04-26 06:00:13
Reddit /r/u/arkansascomputer | Essential alert – Spring4Shell RCE (CVE-2022-22965 in Spring) #CYBERSECURITY #ALERT #ARKANSAS #ARKANSASCOMPUTER #CRITICAL #CVE202222965 #LATESTTECHNEWS #RCE #SPRING #SPRING4SHELL #TECHUPDATES #TECHNOLOGYNEWS | 2022-05-12 11:17:12
Reddit /r/InfoSecWriteups | Anatomy Of Spring4Shell CVE-2022–22965 | 2022-05-30 07:50:47
Reddit /r/technicaladversary | Spring Framework RCE (CVE-2022-22965) Nmap (NSE) Checker (Non-Intrusive) | 2022-08-09 18:32:02
Reddit /r/learnpython | How can I return a dataframe row if a value is in a column? | 2022-10-11 18:21:16
Reddit /r/HackProtectSlo | Top 10 exploited vuln 2022 | 2022-12-07 17:32:06
Reddit /r/CrowdSec | Block Illegal Users | 2023-01-25 19:09:21
Reddit /r/C_Programming | help needed | 2023-03-03 11:10:01
Reddit /r/ubiquiti2 | Statement Regarding Spring CVE-2022-22965, 2022-22950, and 2022-22963 001 | 2023-06-25 18:06:46
Reddit /r/CrowdSec | Struggling to update my install | 2023-07-05 20:02:21
Reddit /r/javahelp | War file identified as Vulnerability issue | 2023-08-22 12:03:53