CVE-2022-22965 CRITICAL

Published: 2022-04-01 | Last Modified: 2025-10-30 | Status: Analyzed

Description

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

Additional Descriptions (1)

Una aplicación Spring MVC o Spring WebFlux que es ejecutada en JDK 9+ puede ser vulnerable a la ejecución de código remota (RCE) por medio de una vinculación de datos. La explotación específica requiere que la aplicación sea ejecutada en Tomcat como un despliegue WAR. Si la aplicación es desplegada como un jar ejecutable de Spring Boot, es decir, por defecto, no es vulnerable a la explotación. Sin embargo, la naturaleza de la vulnerabilidad es más general, y puede haber otras formas de explotarla

CVSS Metrics

Base Score: 9.8 (CRITICAL)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 5.9

Base Score: 7.5 (HIGH)

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector	NETWORK
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	PARTIAL
Integrity Impact	PARTIAL
Availability Impact	PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 6.4

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-94
[email protected]	Primary	en CWE-94

Affected Products

Vendor	Product	Version	Update	Type
vmware	spring_framework	*	<built-in method update of dict object at 0x72a9ccfc52c0>	Application
vmware	spring_framework	*	<built-in method update of dict object at 0x72a9ccfc7180>	Application
cisco	cx_cloud_agent	*	<built-in method update of dict object at 0x72a9a39c5980>	Application
oracle	communications_cloud_native_core_automated_test_suite	1.9.0	<built-in method update of dict object at 0x72a9b0a78d00>	Application
oracle	communications_cloud_native_core_automated_test_suite	22.1.0	<built-in method update of dict object at 0x72a9ccfc75c0>	Application
oracle	communications_cloud_native_core_console	1.9.0	<built-in method update of dict object at 0x72a9ccfc5980>	Application
oracle	communications_cloud_native_core_console	22.1.0	<built-in method update of dict object at 0x72a9a39c5d40>	Application
oracle	communications_cloud_native_core_network_exposure_function	22.1.0	<built-in method update of dict object at 0x72a9b0a7ac00>	Application
oracle	communications_cloud_native_core_network_function_cloud_native_environment	1.10.0	<built-in method update of dict object at 0x72a9cc479dc0>	Application
oracle	communications_cloud_native_core_network_function_cloud_native_environment	22.1.0	<built-in method update of dict object at 0x72a9ccfc7340>	Application
oracle	communications_cloud_native_core_network_repository_function	1.15.0	<built-in method update of dict object at 0x72a9b0d01080>	Application
oracle	communications_cloud_native_core_network_repository_function	22.1.0	<built-in method update of dict object at 0x72a9ccfc6080>	Application
oracle	communications_cloud_native_core_network_slice_selection_function	1.8.0	<built-in method update of dict object at 0x72a9b0a787c0>	Application
oracle	communications_cloud_native_core_network_slice_selection_function	1.15.0	<built-in method update of dict object at 0x72a9b0d79f00>	Application
oracle	communications_cloud_native_core_network_slice_selection_function	22.1.0	<built-in method update of dict object at 0x72a9ccfc4200>	Application
oracle	communications_cloud_native_core_policy	1.15.0	<built-in method update of dict object at 0x72a9b0dcce40>	Application
oracle	communications_cloud_native_core_policy	22.1.0	<built-in method update of dict object at 0x72a9ccfc7cc0>	Application
oracle	communications_cloud_native_core_security_edge_protection_proxy	1.7.0	<built-in method update of dict object at 0x72a9ccfc4100>	Application
oracle	communications_cloud_native_core_security_edge_protection_proxy	22.1.0	<built-in method update of dict object at 0x72a9b0d7b5c0>	Application
oracle	communications_cloud_native_core_unified_data_repository	1.15.0	<built-in method update of dict object at 0x72a9cc434040>	Application
oracle	communications_cloud_native_core_unified_data_repository	22.1.0	<built-in method update of dict object at 0x72a9b0d7ac40>	Application
oracle	communications_policy_management	12.6.0.0.0	<built-in method update of dict object at 0x72a9ccfc5380>	Application
oracle	financial_services_analytical_applications_infrastructure	8.1.1	<built-in method update of dict object at 0x72a9cc478e40>	Application
oracle	financial_services_analytical_applications_infrastructure	8.1.2.0	<built-in method update of dict object at 0x72a9a39c4dc0>	Application
oracle	financial_services_behavior_detection_platform	8.1.1.0	<built-in method update of dict object at 0x72a9b0a79740>	Application
oracle	financial_services_behavior_detection_platform	8.1.1.1	<built-in method update of dict object at 0x72a9b0a7ba00>	Application
oracle	financial_services_behavior_detection_platform	8.1.2.0	<built-in method update of dict object at 0x72a9cc645b80>	Application
oracle	financial_services_enterprise_case_management	8.1.1.0	<built-in method update of dict object at 0x72a9cd067640>	Application
oracle	financial_services_enterprise_case_management	8.1.1.1	<built-in method update of dict object at 0x72a9b0a781c0>	Application
oracle	financial_services_enterprise_case_management	8.1.2.0	<built-in method update of dict object at 0x72a9ccfc6c80>	Application
oracle	mysql_enterprise_monitor	*	<built-in method update of dict object at 0x72a9b0a780c0>	Application
oracle	product_lifecycle_analytics	3.6.1	<built-in method update of dict object at 0x72a9b0a78540>	Application
oracle	retail_xstore_point_of_service	20.0.1	<built-in method update of dict object at 0x72a9a39c4b80>	Application
oracle	retail_xstore_point_of_service	21.0.0	<built-in method update of dict object at 0x72a9b0a78700>	Application
oracle	sd-wan_edge	9.0	<built-in method update of dict object at 0x72a9b0a7a7c0>	Application
oracle	sd-wan_edge	9.1	<built-in method update of dict object at 0x72a9ccfc5480>	Application
siemens	operation_scheduler	*	<built-in method update of dict object at 0x72a9ccfc76c0>	Application
siemens	sipass_integrated	2.80	<built-in method update of dict object at 0x72a9cc64cbc0>	Application
siemens	sipass_integrated	2.85	<built-in method update of dict object at 0x72a9ccfc5880>	Application
siemens	siveillance_identity	1.5	<built-in method update of dict object at 0x72a9ccfc4d80>	Application
siemens	siveillance_identity	1.6	<built-in method update of dict object at 0x72a9cc5c0880>	Application
veritas	access_appliance	7.4.3	<built-in method update of dict object at 0x72a9b0d78280>	Application
veritas	access_appliance	7.4.3.100	<built-in method update of dict object at 0x72a9b0d79480>	Application
veritas	access_appliance	7.4.3.200	<built-in method update of dict object at 0x72a9b0cbc7c0>	Application
veritas	access_appliance	7.4.3	<built-in method update of dict object at 0x72a9cc64fb00>	Application
veritas	access_appliance	7.4.3.100	<built-in method update of dict object at 0x72a9cc64f940>	Application
veritas	access_appliance	7.4.3.200	<built-in method update of dict object at 0x72a9cc64cac0>	Application
veritas	flex_appliance	1.3	<built-in method update of dict object at 0x72a9cc64cb80>	Application
veritas	flex_appliance	2.0	<built-in method update of dict object at 0x72a9b0cbdf00>	Application
veritas	flex_appliance	2.0.1	<built-in method update of dict object at 0x72a9b0cbdd40>	Application
veritas	flex_appliance	2.0.2	<built-in method update of dict object at 0x72a9b0d2c640>	Application
veritas	flex_appliance	2.1	<built-in method update of dict object at 0x72a9b0cbfdc0>	Application
veritas	netbackup_flex_scale_appliance	2.1	<built-in method update of dict object at 0x72a9ccedf200>	Application
veritas	netbackup_flex_scale_appliance	3.0	<built-in method update of dict object at 0x72a9b0cbd700>	Application
veritas	netbackup_appliance	4.0	<built-in method update of dict object at 0x72a9ccfae880>	Hardware
veritas	netbackup_appliance	4.0.0.1	<built-in method update of dict object at 0x72a9cc7ce3c0>	Hardware
veritas	netbackup_appliance	4.0.0.1	<built-in method update of dict object at 0x72a9b0dbe800>	Hardware
veritas	netbackup_appliance	4.0.0.1	<built-in method update of dict object at 0x72a9b090f700>	Hardware
veritas	netbackup_appliance	4.1	<built-in method update of dict object at 0x72a9ccedd300>	Hardware
veritas	netbackup_appliance	4.1.0.1	<built-in method update of dict object at 0x72a9cd07ba80>	Hardware
veritas	netbackup_appliance	4.1.0.1	<built-in method update of dict object at 0x72a9cc5c0340>	Hardware
veritas	netbackup_virtual_appliance	4.0	<built-in method update of dict object at 0x72a9cc5c0d40>	Hardware
veritas	netbackup_virtual_appliance	4.0.0.1	<built-in method update of dict object at 0x72a9cc5c0a80>	Hardware
veritas	netbackup_virtual_appliance	4.0.0.1	<built-in method update of dict object at 0x72a9cc5c12c0>	Hardware
veritas	netbackup_virtual_appliance	4.0.0.1	<built-in method update of dict object at 0x72a9cc5c0740>	Hardware
veritas	netbackup_virtual_appliance	4.1	<built-in method update of dict object at 0x72a9cc5c0200>	Hardware
veritas	netbackup_virtual_appliance	4.1.0.1	<built-in method update of dict object at 0x72a9cc5c01c0>	Hardware
veritas	netbackup_virtual_appliance	4.1.0.1	<built-in method update of dict object at 0x72a9cc5c0f80>	Hardware
siemens	operation_scheduler	*	<built-in method update of dict object at 0x72a9cc833e40>	Application
siemens	simatic_speech_assistant_for_machines	*	<built-in method update of dict object at 0x72a9cc833bc0>	Application
siemens	sinec_network_management_system	*	<built-in method update of dict object at 0x72a9cc833700>	Application
siemens	sipass_integrated	2.80	<built-in method update of dict object at 0x72a9cc830140>	Application
siemens	sipass_integrated	2.85	<built-in method update of dict object at 0x72a9cc833780>	Application
siemens	siveillance_identity	1.5	<built-in method update of dict object at 0x72a9cc8302c0>	Application
siemens	siveillance_identity	1.6	<built-in method update of dict object at 0x72a9cc833fc0>	Application
oracle	commerce_platform	11.3.2	<built-in method update of dict object at 0x72a9cc7efd00>	Application
oracle	communications_cloud_native_core_binding_support_function	22.1.3	<built-in method update of dict object at 0x72a9cc7ed040>	Application
oracle	communications_unified_inventory_management	7.4.1	<built-in method update of dict object at 0x72a9cc7ee200>	Application
oracle	communications_unified_inventory_management	7.4.2	<built-in method update of dict object at 0x72a9cc7edc00>	Application
oracle	communications_unified_inventory_management	7.5.0	<built-in method update of dict object at 0x72a9cc7eee80>	Application
oracle	retail_bulk_data_integration	16.0.3	<built-in method update of dict object at 0x72a9cc7ec300>	Application
oracle	retail_customer_management_and_segmentation_foundation	17.0	<built-in method update of dict object at 0x72a9cc7ef000>	Application
oracle	retail_customer_management_and_segmentation_foundation	18.0	<built-in method update of dict object at 0x72a9cc7ecd80>	Application
oracle	retail_customer_management_and_segmentation_foundation	19.0	<built-in method update of dict object at 0x72a9cc7ee380>	Application
oracle	retail_financial_integration	14.1.3.2	<built-in method update of dict object at 0x72a9cc7ef340>	Application
oracle	retail_financial_integration	15.0.3.1	<built-in method update of dict object at 0x72a9cc7eda00>	Application
oracle	retail_financial_integration	16.0.3	<built-in method update of dict object at 0x72a9cc7ece00>	Application
oracle	retail_financial_integration	19.0.1	<built-in method update of dict object at 0x72a9cc7edf80>	Application
oracle	retail_integration_bus	14.1.3.2	<built-in method update of dict object at 0x72a9cc7ecd00>	Application
oracle	retail_integration_bus	15.0.3.1	<built-in method update of dict object at 0x72a9cc7ee000>	Application
oracle	retail_integration_bus	16.0.3	<built-in method update of dict object at 0x72a9cc7ecfc0>	Application
oracle	retail_integration_bus	19.0.1	<built-in method update of dict object at 0x72a9cc7ecbc0>	Application
oracle	retail_merchandising_system	16.0.3	<built-in method update of dict object at 0x72a9cc7eef00>	Application
oracle	retail_merchandising_system	19.0.1	<built-in method update of dict object at 0x72a9cc7ef240>	Application
oracle	weblogic_server	12.2.1.3.0	<built-in method update of dict object at 0x72a9cc7ed980>	Application
oracle	weblogic_server	12.2.1.4.0	<built-in method update of dict object at 0x72a9cc7ee080>	Application
oracle	weblogic_server	14.1.1.0.0	<built-in method update of dict object at 0x72a9cc7ec900>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:vmware:spring_framework::::::::`
Yes	`cpe:2.3:a:vmware:spring_framework::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:a:oracle:jdk::::::::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:cisco:cx_cloud_agent::::::::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:::::::*`
Yes	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:::::::*`
Yes	`cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:::::::*`
Yes	`cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:::::::*`
Yes	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:::::::*`
Yes	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:::::::*`
Yes	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:::::::*`
Yes	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:::::::*`
Yes	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:::::::*`
Yes	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:::::::*`
Yes	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.15.0:::::::*`
Yes	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:::::::*`
Yes	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:::::::*`
Yes	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:::::::*`
Yes	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:::::::*`
Yes	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:::::::*`
Yes	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:::::::*`
Yes	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:::::::*`
Yes	`cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:::::::*`
Yes	`cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:::::::*`
Yes	`cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:::::::*`
Yes	`cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:::::::*`
Yes	`cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:::::::*`
Yes	`cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:::::::*`
Yes	`cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:::::::*`
Yes	`cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:::::::*`
Yes	`cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:::::::*`
Yes	`cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::`
Yes	`cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:::::::*`
Yes	`cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:::::::*`
Yes	`cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.0:::::::*`
Yes	`cpe:2.3:a:oracle:sd-wan_edge:9.0:::::::*`
Yes	`cpe:2.3:a:oracle:sd-wan_edge:9.1:::::::*`
Yes	`cpe:2.3:a:siemens:operation_scheduler::::::::`
Yes	`cpe:2.3:a:siemens:sipass_integrated:2.80:::::::*`
Yes	`cpe:2.3:a:siemens:sipass_integrated:2.85:::::::*`
Yes	`cpe:2.3:a:siemens:siveillance_identity:1.5:::::::*`
Yes	`cpe:2.3:a:siemens:siveillance_identity:1.6:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:veritas:access_appliance:7.4.3:::::::*`
Yes	`cpe:2.3:a:veritas:access_appliance:7.4.3.100:::::::*`
Yes	`cpe:2.3:a:veritas:access_appliance:7.4.3.200:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:veritas:access_appliance:7.4.3:::::::*`
Yes	`cpe:2.3:a:veritas:access_appliance:7.4.3.100:::::::*`
Yes	`cpe:2.3:a:veritas:access_appliance:7.4.3.200:::::::*`
Yes	`cpe:2.3:a:veritas:flex_appliance:1.3:::::::*`
Yes	`cpe:2.3:a:veritas:flex_appliance:2.0:::::::*`
Yes	`cpe:2.3:a:veritas:flex_appliance:2.0.1:::::::*`
Yes	`cpe:2.3:a:veritas:flex_appliance:2.0.2:::::::*`
Yes	`cpe:2.3:a:veritas:flex_appliance:2.1:::::::*`
Yes	`cpe:2.3:a:veritas:netbackup_flex_scale_appliance:2.1:::::::*`
Yes	`cpe:2.3:a:veritas:netbackup_flex_scale_appliance:3.0:::::::*`
Yes	`cpe:2.3:h:veritas:netbackup_appliance:4.0:::::::*`
Yes	`cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1::::::`
Yes	`cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2::::::`
Yes	`cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3::::::`
Yes	`cpe:2.3:h:veritas:netbackup_appliance:4.1:::::::*`
Yes	`cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1::::::`
Yes	`cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2::::::`
Yes	`cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0:::::::*`
Yes	`cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release1::::::`
Yes	`cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release2::::::`
Yes	`cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release3::::::`
Yes	`cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1:::::::*`
Yes	`cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release1::::::`
Yes	`cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release2::::::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:siemens:operation_scheduler::::::::`
Yes	`cpe:2.3:a:siemens:simatic_speech_assistant_for_machines::::::::`
Yes	`cpe:2.3:a:siemens:sinec_network_management_system::::::::`
Yes	`cpe:2.3:a:siemens:sipass_integrated:2.80:::::::*`
Yes	`cpe:2.3:a:siemens:sipass_integrated:2.85:::::::*`
Yes	`cpe:2.3:a:siemens:siveillance_identity:1.5:::::::*`
Yes	`cpe:2.3:a:siemens:siveillance_identity:1.6:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:oracle:commerce_platform:11.3.2:::::::*`
Yes	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:::::::*`
Yes	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`
Yes	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`
Yes	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:::::::*`
Yes	`cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3:::::::*`
Yes	`cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:::::::*`
Yes	`cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:::::::*`
Yes	`cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:::::::*`
Yes	`cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:::::::*`
Yes	`cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:::::::*`
Yes	`cpe:2.3:a:oracle:retail_financial_integration:16.0.3:::::::*`
Yes	`cpe:2.3:a:oracle:retail_financial_integration:19.0.1:::::::*`
Yes	`cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:::::::*`
Yes	`cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:::::::*`
Yes	`cpe:2.3:a:oracle:retail_integration_bus:16.0.3:::::::*`
Yes	`cpe:2.3:a:oracle:retail_integration_bus:19.0.1:::::::*`
Yes	`cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:::::::*`
Yes	`cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:::::::*`
Yes	`cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*`
Yes	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`
Yes	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`

References

http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html
Source: [email protected]

Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html
Source: [email protected]

Third Party Advisory VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf
Source: [email protected]

Patch Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005
Source: [email protected]

Third Party Advisory
https://tanzu.vmware.com/security/cve-2022-22965
Source: [email protected]

Mitigation Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67
Source: [email protected]

Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Source: [email protected]

Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
Source: [email protected]

Patch Third Party Advisory
http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html
Source: af854a3a-2127-422b-91ae-364da2661108

Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf
Source: af854a3a-2127-422b-91ae-364da2661108

Patch Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://tanzu.vmware.com/security/cve-2022-22965
Source: af854a3a-2127-422b-91ae-364da2661108

Mitigation Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://www.kb.cert.org/vuls/id/970766
Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource
https://www.oracle.com/security-alerts/cpuapr2022.html
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
Source: af854a3a-2127-422b-91ae-364da2661108

Patch Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22965
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource