CVE-2022-22963
VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability
CVSS
—
No CVSS
EPSS
99.9%
p100
KEV
YES
Aug 25, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
Product
VMware Tanzu / Spring Cloud
Vulnerability
VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability
Added to KEV
Aug 25, 2022
Remediate by
Sep 15, 2022
Known ransomware use
No
Summary description
When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Required action
Apply updates per vendor instructions.
Notes
https://tanzu.vmware.com/security/cve-2022-22963; https://nvd.nist.gov/vuln/detail/CVE-2022-22963
No related CVEs by CWE or product.