CVE-2022-22947
VMware Spring Cloud Gateway Code Injection Vulnerability
CVSS
—
No CVSS
EPSS
98.3%
p100
KEV
YES
May 16, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
98.3%EPSS · 30 days98.3%
2026-06-302026-07-16
Product
VMware / Spring Cloud Gateway
Vulnerability
VMware Spring Cloud Gateway Code Injection Vulnerability
Added to KEV
May 16, 2022
Remediate by
Jun 6, 2022
Known ransomware use
No
Summary description
Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-22947
No related CVEs by CWE or product.