CVE-2022-22963
01.04.2022, 23:15
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when the routing functionality is used, a user can supply a specially crafted SpEL expression as the routing expression; evaluating it may result in remote code execution and access to local resources.
Vendor | Product | Version |
---|---|---|
vmware | spring_cloud_function | 𝑥 ≤ 3.1.6 |
vmware | spring_cloud_function | 3.2.0 ≤ 𝑥 ≤ 3.2.2 |
oracle | banking_branch | 14.5 |
oracle | banking_cash_management | 14.5 |
oracle | banking_corporate_lending_process_management | 14.5 |
oracle | banking_credit_facilities_process_management | 14.5 |
oracle | banking_electronic_data_exchange_for_corporates | 14.5 |
oracle | banking_liquidity_management | 14.2 |
oracle | banking_liquidity_management | 14.5 |
oracle | banking_origination | 14.5 |
oracle | banking_supply_chain_finance | 14.5 |
oracle | banking_trade_finance_process_management | 14.5 |
oracle | banking_virtual_account_management | 14.5 |
oracle | communications_cloud_native_core_automated_test_suite | 1.9.0 |
oracle | communications_cloud_native_core_automated_test_suite | 22.1.0 |
oracle | communications_cloud_native_core_console | 1.9.0 |
oracle | communications_cloud_native_core_console | 22.1.0 |
oracle | communications_cloud_native_core_network_exposure_function | 22.1.0 |
oracle | communications_cloud_native_core_network_function_cloud_native_environment | 1.10.0 |
oracle | communications_cloud_native_core_network_function_cloud_native_environment | 22.1.0 |
oracle | communications_cloud_native_core_network_function_cloud_native_environment | 22.1.2 |
oracle | communications_cloud_native_core_network_repository_function | 1.15.0 |
oracle | communications_cloud_native_core_network_repository_function | 22.1.0 |
oracle | communications_cloud_native_core_network_slice_selection_function | 1.8.0 |
oracle | communications_cloud_native_core_network_slice_selection_function | 22.1.0 |
oracle | communications_cloud_native_core_policy | 1.15.0 |
oracle | communications_cloud_native_core_policy | 22.1.0 |
oracle | communications_cloud_native_core_policy | 22.1.3 |
oracle | communications_cloud_native_core_security_edge_protection_proxy | 1.7.0 |
oracle | communications_cloud_native_core_security_edge_protection_proxy | 22.1.0 |
oracle | communications_cloud_native_core_unified_data_repository | 1.15.0 |
oracle | communications_cloud_native_core_unified_data_repository | 22.1.0 |
oracle | communications_communications_policy_management | 12.6.0.0.0 |
oracle | financial_services_analytical_applications_infrastructure | 8.1.1.0 |
oracle | financial_services_analytical_applications_infrastructure | 8.1.2.0 |
oracle | financial_services_behavior_detection_platform | 8.1.1.0 |
oracle | financial_services_behavior_detection_platform | 8.1.1.1 |
oracle | financial_services_behavior_detection_platform | 8.1.2.0 |
oracle | financial_services_enterprise_case_management | 8.1.1.0 |
oracle | financial_services_enterprise_case_management | 8.1.1.1 |
oracle | financial_services_enterprise_case_management | 8.1.2.0 |
oracle | mysql_enterprise_monitor | 𝑥 ≤ 8.0.29 |
oracle | product_lifecycle_analytics | 3.6.1.0 |
oracle | retail_xstore_point_of_service | 20.0.1 |
oracle | retail_xstore_point_of_service | 21.0.0 |
oracle | sd-wan_edge | 9.0 |
oracle | sd-wan_edge | 9.1 |
𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-94 - Improper Control of Generation of Code ('Code Injection'): The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
- CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection'): The software constructs all or part of an expression language (EL) statement in a framework such as a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed.
References