CVE-2022-22963
VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability
CVSS
—
Sin CVSS
EPSS
99.9%
p100
KEV
SÍ
25 ago 2022
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
VMware Tanzu / Spring Cloud
Vulnerabilidad
VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability
Añadido a KEV
25 ago 2022
Remediar antes de
15 sept 2022
Uso conocido en ransomware
No
Descripción resumida
When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Acción requerida
Apply updates per vendor instructions.
Notas
https://tanzu.vmware.com/security/cve-2022-22963; https://nvd.nist.gov/vuln/detail/CVE-2022-22963
Sin CVEs relacionados por CWE o producto.