CVERadar

Edition used by more than 30,000 companies in more than 150 countries.

CVE-2022-22965

Critical Severity|Vmware

SVRS

9.8

CVSSv3

0.94428

EPSS

Deep CVE Analysis in Progress

The system is currently conducting an in-depth analysis of the selected CVE. This includes advanced correlation, vulnerability classification, and cross-referencing with real-time threat intelligence sources. Once the analysis is complete, the page will automatically update with enriched vulnerability data and actionable insights.

Security Intelligence Brief

1. What is this vulnerability and why does it matter?

This is CVE-2022-22965, a Remote Code Execution (RCE) vulnerability affecting Spring MVC or Spring WebFlux applications. It stems from improper data binding when these applications are running on JDK 9+ and deployed on Tomcat as a WAR file. It matters significantly because RCE allows an attacker to execute arbitrary code on the affected system, potentially leading to full system compromise, data exfiltration, or denial of service.

2. What are the CVSS score, severity level, and disclosure details?

The CVSS score for this vulnerability is 9.8, which classifies it as a Critical severity level. The vulnerability was publicly disclosed and published on 2022-04-01 22:17:30. The record was last modified on 2025-10-21 23:15:42.

3. Which products, vendors, systems, and versions are affected?

This vulnerability affects:

Products: Spring MVC applications and Spring WebFlux applications.
Vendors: Spring (part of VMware/Broadcom).
Systems: Applications running on JDK 9+ are potentially vulnerable. The specific exploit mentioned requires the application to be deployed on Tomcat as a WAR deployment. Applications deployed as a Spring Boot executable jar (the default deployment) are explicitly stated as not vulnerable to this specific exploit.
Versions: Specific versions are not provided, but the context implies any Spring MVC or Spring WebFlux application running on JDK 9+ with the described deployment method.

4. What is the technical root cause and attack vector?

The technical root cause is identified as remote code execution (RCE) via data binding, categorized under CWE-94 (Improper Control of Generation of Code ('Code Injection')). The attack vector involves manipulating data binding processes within Spring MVC or Spring WebFlux applications. This typically involves sending specially crafted input that, when processed by the application's data binding mechanisms, can lead to the execution of attacker-controlled code.

5. How can this vulnerability be exploited?

This vulnerability can be exploited by an attacker leveraging data binding in a Spring MVC or Spring WebFlux application to achieve remote code execution. The primary, specific exploit vector mentioned requires the application to be deployed as a WAR file on Tomcat, while running on JDK 9+. While this specific deployment scenario is highlighted, the description also notes that "the nature of the vulnerability is more general, and there may be other ways to exploit it." Active exploits have been published, indicating that the methods for exploitation are publicly known and potentially automated.

7. How can vulnerable systems be detected?

Vulnerable systems can be detected by identifying applications that meet the following criteria:

They are Spring MVC or Spring WebFlux applications.
They are running on Java Development Kit (JDK) version 9 or higher.
They are deployed specifically as a WAR (Web Application Archive) file on a Tomcat server.

10. What public intelligence references and advisories exist?

The primary public intelligence reference for this issue is CVE-2022-22965 itself. The existence of published active exploits implies that various cybersecurity advisories and security researcher reports are available detailing the vulnerability and its exploitation.

11. What is the risk assessment and urgency level?

The risk assessment for CVE-2022-22965 is Critical, indicated by its CVSS score of 9.8. This high score reflects the potential for Remote Code Execution (RCE), which is one of the most severe types of vulnerabilities. The urgency level is Immediate due to the critical nature of RCE and the explicit mention that "active exploits have been published to exploit the vulnerability." Organizations running affected configurations should prioritize patching or mitigation without delay.

Type	Indicator	Date
IP	207.90.244.13	2023-06-26	Search on IOC Radar→
IP	66.240.236.116	2021-11-13	Search on IOC Radar→
IP	198.235.24.164	2022-08-20	Search on IOC Radar→
IP	198.235.24.217	2023-04-18	Search on IOC Radar→
IP	198.235.24.9	2022-04-12	Search on IOC Radar→
IP	198.235.24.184	2022-08-19	Search on IOC Radar→
IP	198.235.24.182	2022-08-19	Search on IOC Radar→

Show All 11 IOCs

Title	Software Link	Date
C4yberLan/SpringBoot-Exploit-Toolkit	https://github.com/C4yberLan/SpringBoot-Exploit-Toolkit	2026-04-09
aditidutta696-dev/Spring4Shell-CVE-2022-22965-Exploitation-Attempt	https://github.com/aditidutta696-dev/Spring4Shell-CVE-2022-22965-Exploitation-Attempt	2026-02-03
suyash-R-K/dfir-malware-investigation	https://github.com/suyash-R-K/dfir-malware-investigation	2026-01-20
Hghost0x00/CVE-2022-22965	https://github.com/Hghost0x00/CVE-2022-22965	2025-12-11
Karararam/SpringBoot-Exploit-Toolkit	https://github.com/Karararam/SpringBoot-Exploit-Toolkit	2025-12-06
xenosf/CS4239-Spring4Shell-POC	https://github.com/xenosf/CS4239-Spring4Shell-POC	2025-11-14
NickoPS87/Spring4Shell-Python-Firewall-POC	https://github.com/NickoPS87/Spring4Shell-Python-Firewall-POC	2025-10-19

Show All 66 Exploits

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

ISC StormCast for Friday, April 1st, 2022

Dr. Johannes B. Ullrich•2022-04-01

ISC StormCast for Friday, April 1st, 2022 | Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Spring Clarifies Spring4Shell; Wyze Cam; Zyxel FW Patch; #Apple 0 Days #ipados #ios #0daySpring Vulnerability Update - Exploitation Attempts CVE-2022-22965 https://isc.sans.edu/forums/diary/Spring+Vulnerability+Update+Exploitation+Attempts+CVE202222965/28504/ Apple Patches 0 Day Vulnerability https://isc.sans.edu/forums/diary/Apple+Patches+Actively+Exploited+Vulnerability+in+macOS+iOS+and+iPadOS/28506/ Wyze Cam Vulnerabilities https://www.bitdefender.com/files/News/CaseStudies/study/413/Bitdefender-PR-Whitepaper-WCam-creat5991-en-EN.pdf Zyxel Security Advisory<br

sans.edurssforumnews

ISC StormCast for Monday, April 11th, 2022

Dr. Johannes B. Ullrich•2022-04-11

ISC StormCast for Monday, April 11th, 2022 | Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Misc Spring4Shell Items (Cisco, Mirai, Nginx); Russian CA Update; Conti Ransomware CopycatsMisc Spring4Shell Items https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67 https://www.trendmicro.com/en_us/research/22/d/cve-2022-22965-analyzing-the-exploitation-of-spring4shell-vulner.html https://github.com/AgainstTheWest/NginxDay Russian Certificate Authority Update https://koen.engineer/russias-certificate-authority-for-sanctioned-organizations-645d61af8ac6 Conti Source Code Leak Leads to Copycats<

cve-2022-22965githubsecuritynginx

Microsoft’s Response to CVE-2022-22965 Spring Framework

2025-12-01

Microsoft’s Response to CVE-2022-22965 Spring Framework | Summary Microsoft used the Spring Framework RCE, Early Announcement to inform analysis of the remote code execution vulnerability, CVE-2022-22965, disclosed on 31 Mar 2022. We have not to date noted any impact to the security of our enterprise services and have not experienced any degraded service availability due to this vulnerability.

microsoft.comrssforumnews

Show All News

無重力トレーニング@acupunc28094787

2026-05-02

I just completed Spring4Shell: CVE-2022-22965 room on TryHackMe! Interactive lab for exploiting Spring4Shell (CVE-2022-22965) in the Java Spring Framework https://t.co/6O6FHy6fww #tryhackme via @tryhackme

Audn AI@audn_ai

2026-04-15

We saw our autonomous agent pivot from port 22 SSH on a misconfigured Cisco ASA, grab creds via Hydra, then chain into CVE-2022-22965 on Tomcat and exfil data. It showed orchestration beats manual grind 😊 https://t.co/ED8hdBcaEW

Audn AI@audn_ai

2026-03-29

We ran the AI scanner on https://t.co/HUXaRMs69m, ffuf fuzzed 12k endpoints in seconds, Nuclei confirmed CVE-2022-22965 in the admin portal. It showed AI can surface hidden gems, felt like a rush 🚀

317ON13_LIRW@ToTo13ru_xakep

2026-03-09

I just completed Spring4Shell: CVE-2022-22965 room on TryHackMe! Interactive lab for exploiting Spring4Shell (CVE-2022-22965) in the Java Spring Framework https://t.co/yvRo9hMORt #tryhackme via @tryhackme

Hezron Munge Chacha@HezyChacha

2026-01-11

I just completed Spring4Shell: CVE-2022-22965 room on TryHackMe! Interactive lab for exploiting Spring4Shell (CVE-2022-22965) in the Java Spring Framework https://t.co/reTbMRdI5N #tryhackme via @tryhackme

Jayesh Verma@JayeshV88153533

2026-01-08

I just completed Spring4Shell: CVE-2022-22965 room on TryHackMe. Interactive lab for exploiting Spring4Shell (CVE-2022-22965) in the Java Spring Framework https://t.co/FHsoFLgFHr #tryhackme via @tryhackme

5#r3y@$@fwdFLASH

2026-01-06

I just completed Spring4Shell: CVE-2022-22965 room on TryHackMe! Interactive lab for exploiting Spring4Shell (CVE-2022-22965) in the Java Spring Framework https://t.co/Gp8DVZC6fo #tryhackme via @tryhackme

Roman@mrBr4un

2026-01-02

I just completed Spring4Shell: CVE-2022-22965 room on TryHackMe. Interactive lab for exploiting Spring4Shell (CVE-2022-22965) in the Java Spring Framework https://t.co/sKyLyz1Tl5 #tryhackme через @tryhackme

Pierre Riblet Cahurel@RibletCahurel

2025-12-16

I just completed Spring4Shell: CVE-2022-22965 room on TryHackMe. Interactive lab for exploiting Spring4Shell (CVE-2022-22965) in the Java Spring Framework https://t.co/ypESxEKJgw #tryhackme via @tryhackme

ghost@Hghost010

2025-12-13

🔥 Just dropped #CVE-2022-22965 (#Spring4Shell) exploit tool! 👻 💻 Built in C for raw power & speed ⚡️ 🎥 Coming in my next video: Learn how to build CVE automation frameworks from scratch! 🔗 GitHub: https://t.co/VyKaw8h1FX #CyberSecurity #InfoSec #Spring4Shell #CVE https://t.co/FZT94VGQhT

Show All Tweets

Configuration 1

Type	Vendor	Product
App	Vmware	spring_framework

Configuration 2

Type	Vendor	Product
App	Cisco	cx_cloud_agent

Configuration 3

Type	Vendor	Product
App	Oracle	communications_policy_management
App	Oracle	mysql_enterprise_monitor
App	Oracle	communications_cloud_native_core_automated_test_suite
App	Oracle	communications_cloud_native_core_console
App	Oracle	communications_cloud_native_core_network_exposure_function
App	Oracle	communications_cloud_native_core_network_function_cloud_native_environment
App	Oracle	communications_cloud_native_core_network_repository_function
App	Oracle	communications_cloud_native_core_network_slice_selection_function
App	Oracle	communications_cloud_native_core_policy
App	Oracle	communications_cloud_native_core_security_edge_protection_proxy
App	Oracle	communications_cloud_native_core_unified_data_repository
App	Oracle	financial_services_analytical_applications_infrastructure
App	Oracle	financial_services_behavior_detection_platform
App	Oracle	financial_services_enterprise_case_management
App	Oracle	product_lifecycle_analytics
App	Oracle	retail_xstore_point_of_service
App	Oracle	sd-wan_edge
App	Siemens	operation_scheduler
App	Siemens	sipass_integrated
App	Siemens	siveillance_identity

Configuration 4

Type	Vendor	Product
App	Veritas	access_appliance

Configuration 5

Type	Vendor	Product
App	Veritas	flex_appliance
Unknown	Veritas	netbackup_appliance
App	Veritas	netbackup_flex_scale_appliance
Unknown	Veritas	netbackup_virtual_appliance

Configuration 6

Type	Vendor	Product
App	Siemens	sinec_network_management_system

Configuration 7

Type	Vendor	Product
App	Oracle	retail_integration_bus
App	Oracle	retail_merchandising_system
App	Oracle	weblogic_server
App	Oracle	retail_bulk_data_integration
App	Oracle	retail_customer_management_and_segmentation_foundation
App	Oracle	retail_financial_integration
App	Oracle	communications_cloud_native_core_binding_support_function
App	Oracle	communications_unified_inventory_management
App	Oracle	commerce_platform

Reference	Link
GITHUB	http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html
GITHUB	http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html
GITHUB	https://www.oracle.com/security-alerts/cpuapr2022.html
GITHUB	https://www.oracle.com/security-alerts/cpujul2022.html
AF854A3A-2127-422B-91AE-364DA2661108	http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html
AF854A3A-2127-422B-91AE-364DA2661108	http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html
AF854A3A-2127-422B-91AE-364DA2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf
AF854A3A-2127-422B-91AE-364DA2661108	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005
AF854A3A-2127-422B-91AE-364DA2661108	https://tanzu.vmware.com/security/cve-2022-22965
AF854A3A-2127-422B-91AE-364DA2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67
AF854A3A-2127-422B-91AE-364DA2661108	https://www.kb.cert.org/vuls/id/970766
AF854A3A-2127-422B-91AE-364DA2661108	https://www.oracle.com/security-alerts/cpuapr2022.html
AF854A3A-2127-422B-91AE-364DA2661108	https://www.oracle.com/security-alerts/cpujul2022.html
[email protected]	http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html
[email protected]	http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html
[email protected]	https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf
[email protected]	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005
[email protected]	https://tanzu.vmware.com/security/cve-2022-22965
[email protected]	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67
[email protected]	https://www.oracle.com/security-alerts/cpuapr2022.html
[email protected]	https://www.oracle.com/security-alerts/cpujul2022.html
20220401 VULNERABILITY IN SPRING FRAMEWORK AFFECTING CISCO PRODUCTS: MARCH 2022	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67
AF854A3A-2127-422B-91AE-364DA2661108	http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html
AF854A3A-2127-422B-91AE-364DA2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf
AF854A3A-2127-422B-91AE-364DA2661108	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005
AF854A3A-2127-422B-91AE-364DA2661108	https://tanzu.vmware.com/security/cve-2022-22965
AF854A3A-2127-422B-91AE-364DA2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67
AF854A3A-2127-422B-91AE-364DA2661108	https://www.kb.cert.org/vuls/id/970766
AF854A3A-2127-422B-91AE-364DA2661108	https://www.oracle.com/security-alerts/cpuapr2022.html
AF854A3A-2127-422B-91AE-364DA2661108	https://www.oracle.com/security-alerts/cpujul2022.html
[email protected]	http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html
[email protected]	http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html
[email protected]	https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf
[email protected]	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005
[email protected]	https://tanzu.vmware.com/security/cve-2022-22965
MISC	https://tanzu.vmware.com/security/cve-2022-22965
MISC	https://tanzu.vmware.com/security/cve-2022-22965
CISCO	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67
CONFIRM	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005
MISC	https://tanzu.vmware.com/security/cve-2022-22965
CISCO	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67
CONFIRM	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005
MISC	https://tanzu.vmware.com/security/cve-2022-22965
MISC	http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html
CISCO	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67
CONFIRM	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005
CONFIRM	https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf
MISC	https://tanzu.vmware.com/security/cve-2022-22965
MISC	http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html
CISCO	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67
CONFIRM	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005
CONFIRM	https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf
MISC	https://tanzu.vmware.com/security/cve-2022-22965
MISC	http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html
MISC	https://www.oracle.com/security-alerts/cpuapr2022.html
CISCO	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67
CONFIRM	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005
CONFIRM	https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf
MISC	https://tanzu.vmware.com/security/cve-2022-22965
MISC	http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html
MISC	https://www.oracle.com/security-alerts/cpuapr2022.html
MISC	http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html
CISCO	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67
CONFIRM	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005
CONFIRM	https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf
MISC	https://tanzu.vmware.com/security/cve-2022-22965
MISC	http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html
MISC	https://www.oracle.com/security-alerts/cpuapr2022.html
MISC	http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html
N/A	https://www.oracle.com/security-alerts/cpujul2022.html
GITHUB	http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html
GITHUB	http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html
GITHUB	https://www.oracle.com/security-alerts/cpuapr2022.html
GITHUB	https://www.oracle.com/security-alerts/cpujul2022.html
[email protected]	http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html
[email protected]	http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html
[email protected]	https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf
[email protected]	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005
[email protected]	https://tanzu.vmware.com/security/cve-2022-22965
[email protected]	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67
[email protected]	https://www.oracle.com/security-alerts/cpuapr2022.html
[email protected]	https://www.oracle.com/security-alerts/cpujul2022.html
20220401 VULNERABILITY IN SPRING FRAMEWORK AFFECTING CISCO PRODUCTS: MARCH 2022	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67
AF854A3A-2127-422B-91AE-364DA2661108	http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html
AF854A3A-2127-422B-91AE-364DA2661108	http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html
AF854A3A-2127-422B-91AE-364DA2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf
AF854A3A-2127-422B-91AE-364DA2661108	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005
AF854A3A-2127-422B-91AE-364DA2661108	https://tanzu.vmware.com/security/cve-2022-22965
AF854A3A-2127-422B-91AE-364DA2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67
AF854A3A-2127-422B-91AE-364DA2661108	https://www.kb.cert.org/vuls/id/970766
AF854A3A-2127-422B-91AE-364DA2661108	https://www.oracle.com/security-alerts/cpuapr2022.html
AF854A3A-2127-422B-91AE-364DA2661108	https://www.oracle.com/security-alerts/cpujul2022.html
[email protected]	http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html
[email protected]	http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html
[email protected]	https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf
[email protected]	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005
[email protected]	https://tanzu.vmware.com/security/cve-2022-22965
[email protected]	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67
[email protected]	https://www.oracle.com/security-alerts/cpuapr2022.html
[email protected]	https://www.oracle.com/security-alerts/cpujul2022.html
GITHUB	http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html
GITHUB	http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html
GITHUB	https://www.oracle.com/security-alerts/cpuapr2022.html
GITHUB	https://www.oracle.com/security-alerts/cpujul2022.html
20220401 VULNERABILITY IN SPRING FRAMEWORK AFFECTING CISCO PRODUCTS: MARCH 2022	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67

CWE ID	CWE Name	Description
CWE-94	Improper Control of Generation of Code ('Code Injection')	The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence Access

CVERadar

CVERadar

CVE-2022-22965

Deep CVE Analysis in Progress

Security Intelligence Brief

Indicators of Compromise

Exploits

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

News

Social Media

Affected Software

References

CWE Details

CVE Radar

We value your privacy