{"cve_id":"CVE-2022-22947","summary":"In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.","cvss":10.0,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":10.0,"epss":0.94461,"ranking_epss":0.99994,"kev":true,"propose_action":"Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.","ransomware_campaign":"Unknown","references":["http://packetstormsecurity.com/files/166219/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html","http://packetstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html","https://tanzu.vmware.com/security/cve-2022-22947","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2022.html","http://packetstormsecurity.com/files/166219/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html","http://packetstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html","https://tanzu.vmware.com/security/cve-2022-22947","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22947"],"published_time":"2022-03-03T22:15:08","cpes":["cpe:2.3:a:oracle:commerce_guided_search:11.3.2","cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0","cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3","cpe:2.3:a:oracle:communications_cloud_native_core_console:22.2.0","cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0","cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0","cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0","cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1","cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2","cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0","cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0","cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0","cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1","cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0","cpe:2.3:a:vmware:spring_cloud_gateway:-","cpe:2.3:a:vmware:spring_cloud_gateway:1.0.0","cpe:2.3:a:vmware:spring_cloud_gateway:1.0.1","cpe:2.3:a:vmware:spring_cloud_gateway:1.0.2","cpe:2.3:a:vmware:spring_cloud_gateway:1.0.3","cpe:2.3:a:vmware:spring_cloud_gateway:2.0.0","cpe:2.3:a:vmware:spring_cloud_gateway:2.0.1","cpe:2.3:a:vmware:spring_cloud_gateway:2.0.2","cpe:2.3:a:vmware:spring_cloud_gateway:2.0.3","cpe:2.3:a:vmware:spring_cloud_gateway:2.0.4","cpe:2.3:a:vmware:spring_cloud_gateway:2.1.0","cpe:2.3:a:vmware:spring_cloud_gateway:2.1.1","cpe:2.3:a:vmware:spring_cloud_gateway:2.1.2","cpe:2.3:a:vmware:spring_cloud_gateway:2.1.3","cpe:2.3:a:vmware:spring_cloud_gateway:2.1.4","cpe:2.3:a:vmware:spring_cloud_gateway:2.1.5","cpe:2.3:a:vmware:spring_cloud_gateway:2.2.0","cpe:2.3:a:vmware:spring_cloud_gateway:2.2.1","cpe:2.3:a:vmware:spring_cloud_gateway:2.2.10","cpe:2.3:a:vmware:spring_cloud_gateway:2.2.2","cpe:2.3:a:vmware:spring_cloud_gateway:2.2.3","cpe:2.3:a:vmware:spring_cloud_gateway:2.2.4","cpe:2.3:a:vmware:spring_cloud_gateway:2.2.5","cpe:2.3:a:vmware:spring_cloud_gateway:2.2.6","cpe:2.3:a:vmware:spring_cloud_gateway:2.2.7","cpe:2.3:a:vmware:spring_cloud_gateway:2.2.8","cpe:2.3:a:vmware:spring_cloud_gateway:2.2.9","cpe:2.3:a:vmware:spring_cloud_gateway:3.0.0","cpe:2.3:a:vmware:spring_cloud_gateway:3.0.1","cpe:2.3:a:vmware:spring_cloud_gateway:3.0.2","cpe:2.3:a:vmware:spring_cloud_gateway:3.0.3","cpe:2.3:a:vmware:spring_cloud_gateway:3.0.4","cpe:2.3:a:vmware:spring_cloud_gateway:3.0.5","cpe:2.3:a:vmware:spring_cloud_gateway:3.0.6","cpe:2.3:a:vmware:spring_cloud_gateway:3.1.0"]}