Description

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

Related CPE's

a

vmware

spring_cloud_function

2

a

oracle

banking_branch

14.5

Vulnerable

a

oracle

banking_cash_management

14.5

Vulnerable

a

oracle

banking_corporate_lending_process_management

14.5

Vulnerable

a

oracle

banking_credit_facilities_process_management

14.5

Vulnerable

a

oracle

banking_electronic_data_exchange_for_corporates

14.5

Vulnerable

a

oracle

banking_liquidity_management

2

a

oracle

banking_origination

14.5

Vulnerable

a

oracle

banking_supply_chain_finance

14.5

Vulnerable

a

oracle

banking_trade_finance_process_management

14.5

Vulnerable

a

oracle

banking_virtual_account_management

14.5

Vulnerable

a

oracle

communications_cloud_native_core_automated_test_suite

2

a

oracle

communications_cloud_native_core_console

2

a

oracle

communications_cloud_native_core_network_exposure_function

22.1.0

Vulnerable

a

oracle

communications_cloud_native_core_network_function_cloud_native_environment

3

a

oracle

communications_cloud_native_core_network_repository_function

2

a

oracle

communications_cloud_native_core_network_slice_selection_function

2

a

oracle

communications_cloud_native_core_policy

3

a

oracle

communications_cloud_native_core_security_edge_protection_proxy

2

a

oracle

communications_cloud_native_core_unified_data_repository

2

a

oracle

communications_communications_policy_management

12.6.0.0.0

Vulnerable

a

oracle

financial_services_analytical_applications_infrastructure

2

a

oracle

financial_services_behavior_detection_platform

3

a

oracle

financial_services_enterprise_case_management

3

a

oracle

mysql_enterprise_monitor

Vulnerable

a

oracle

product_lifecycle_analytics

3.6.1.0

Vulnerable

a

oracle

retail_xstore_point_of_service

2

a

oracle

sd-wan_edge

2

References

http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html

ExploitThird Party AdvisoryVDB Entry

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005

Third Party Advisory

https://tanzu.vmware.com/security/cve-2022-22963

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

PatchThird Party Advisory

http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html

ExploitThird Party AdvisoryVDB Entry

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005

Third Party Advisory

https://tanzu.vmware.com/security/cve-2022-22963

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

PatchThird Party Advisory

Weaknesses

[email protected]

Secondary
CWE-94

[email protected]

Primary
CWE-917

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-04-01T23:15:13.663

3 years ago

Last modified

2025-03-13T16:36:53.717

1 month ago