fkie_nvd - fkie_cve-2022-22963

fkie_cve-2022-22963

Vulnerability from fkie_nvd

Published

2022-04-01 23:15

Modified

2025-03-13 16:36

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

References

URL	Tags
security@vmware.com	http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html	Exploit, Third Party Advisory, VDB Entry
security@vmware.com	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005	Third Party Advisory
security@vmware.com	https://tanzu.vmware.com/security/cve-2022-22963	Vendor Advisory
security@vmware.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH	Third Party Advisory
security@vmware.com	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Third Party Advisory
security@vmware.com	https://www.oracle.com/security-alerts/cpujul2022.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://tanzu.vmware.com/security/cve-2022-22963	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2022.html	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
vmware	spring_cloud_function	*
vmware	spring_cloud_function	*
oracle	banking_branch	14.5
oracle	banking_cash_management	14.5
oracle	banking_corporate_lending_process_management	14.5
oracle	banking_credit_facilities_process_management	14.5
oracle	banking_electronic_data_exchange_for_corporates	14.5
oracle	banking_liquidity_management	14.2
oracle	banking_liquidity_management	14.5
oracle	banking_origination	14.5
oracle	banking_supply_chain_finance	14.5
oracle	banking_trade_finance_process_management	14.5
oracle	banking_virtual_account_management	14.5
oracle	communications_cloud_native_core_automated_test_suite	1.9.0
oracle	communications_cloud_native_core_automated_test_suite	22.1.0
oracle	communications_cloud_native_core_console	1.9.0
oracle	communications_cloud_native_core_console	22.1.0
oracle	communications_cloud_native_core_network_exposure_function	22.1.0
oracle	communications_cloud_native_core_network_function_cloud_native_environment	1.10.0
oracle	communications_cloud_native_core_network_function_cloud_native_environment	22.1.0
oracle	communications_cloud_native_core_network_function_cloud_native_environment	22.1.2
oracle	communications_cloud_native_core_network_repository_function	1.15.0
oracle	communications_cloud_native_core_network_repository_function	22.1.0
oracle	communications_cloud_native_core_network_slice_selection_function	1.8.0
oracle	communications_cloud_native_core_network_slice_selection_function	22.1.0
oracle	communications_cloud_native_core_policy	1.15.0
oracle	communications_cloud_native_core_policy	22.1.0
oracle	communications_cloud_native_core_policy	22.1.3
oracle	communications_cloud_native_core_security_edge_protection_proxy	1.7.0
oracle	communications_cloud_native_core_security_edge_protection_proxy	22.1.0
oracle	communications_cloud_native_core_unified_data_repository	1.15.0
oracle	communications_cloud_native_core_unified_data_repository	22.1.0
oracle	communications_communications_policy_management	12.6.0.0.0
oracle	financial_services_analytical_applications_infrastructure	8.1.1.0
oracle	financial_services_analytical_applications_infrastructure	8.1.2.0
oracle	financial_services_behavior_detection_platform	8.1.1.0
oracle	financial_services_behavior_detection_platform	8.1.1.1
oracle	financial_services_behavior_detection_platform	8.1.2.0
oracle	financial_services_enterprise_case_management	8.1.1.0
oracle	financial_services_enterprise_case_management	8.1.1.1
oracle	financial_services_enterprise_case_management	8.1.2.0
oracle	mysql_enterprise_monitor	*
oracle	product_lifecycle_analytics	3.6.1.0
oracle	retail_xstore_point_of_service	20.0.1
oracle	retail_xstore_point_of_service	21.0.0
oracle	sd-wan_edge	9.0
oracle	sd-wan_edge	9.1

JSON

To clipboard

{
  "cisaActionDue": "2022-09-15",
  "cisaExploitAdd": "2022-08-25",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:spring_cloud_function:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "905988BB-71EE-49CE-A73C-FBD4488299D2",
              "versionEndIncluding": "3.1.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_cloud_function:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43C88657-BCAC-40EB-83EB-2FF70F9173A0",
              "versionEndIncluding": "3.2.2",
              "versionStartIncluding": "3.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:banking_branch:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAE9DFCA-E0C2-420D-86D7-5593F12EE945",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_cash_management:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "626C6209-8BC3-4954-BF0C-51500582457E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EE231C5-8BF0-48F4-81EF-7186814664CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AA5FF83-B693-4DAB-B585-0FD641266231",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_electronic_data_exchange_for_corporates:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B6968A-9EB3-46B6-9BD4-735EFED3F869",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_liquidity_management:14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7FC2BF9-B6D7-420E-9CF5-21AB770B9CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_liquidity_management:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D5A1417-2C59-431F-BF5C-A2BCFEBC95FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_origination:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D6889DD-D320-470C-BA94-165AC79A3AD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "45AB3A29-0994-46F4-8093-B4A9CE0BD95F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA4A9041-B9BC-451C-B1BD-4E2FD795BF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2696CD1-9514-405D-A3B3-8308EC1FA571",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4CA84D6-F312-4C29-A02B-050FCB7A902B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DF6C109-E3D3-431C-8101-2FF88763CF5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5BB2213-08E7-497F-B672-556FD682D122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E24426EE-6A3F-413E-A70A-FB98CCD007A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A5B24D-BDF2-423C-98EA-A40778C01A05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04E6C8E9-2024-496C-9BFD-4548A5B44E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E3221BB-E48E-4B28-B84F-C888EE802A17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F60E32F-0CA0-4C2D-9848-CB92765A9ACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B61A7946-F554-44A9-9E41-86114E4B4914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AA09838-BF13-46AC-BB97-A69F48B73A8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6577F14-36B6-46A5-A1B1-FCCADA61A23B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4367D9B-BF81-47AD-A840-AC46317C774D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0425918A-03F1-4541-BDEF-55B03E07E115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B0C905A-EA99-4B4E-A350-7F6A63CD6EB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D235B299-9A0E-44FF-84F1-2FFBC070A21D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6EAA723-2A23-4151-930B-86ACF9CC1C0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C2E50B0-64B6-4696-9213-F5D9016058A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "570DB369-A31B-4108-A7FD-09F674129603",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CC69CF0-6269-40F5-871B-16CFD5EC4C45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "172BECE8-9626-4910-AAA1-A2FA9C7139E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4B3A10E-70A8-4332-8567-06AE2C45D3C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "059F0D4E-B007-4986-AB95-89F11147CB2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CAC78AD-86BB-4F06-B8CF-8E1329987F2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "44563108-AD89-49A0-9FA5-7DE5A5601D2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA5DC3F-E7D8-45E3-8114-2213EC631CDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "078AEFC0-96DA-4F50-BE8E-8360718103A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747",
              "versionEndIncluding": "8.0.29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0531C009-B395-4E94-A5F0-A89A152E706B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69FB468-EAF3-4E67-95E7-DF92C281C1F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AB16F34-D561-498F-A8C3-A24A47BCEBC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "77E39D5C-5EFA-4FEB-909E-0A92004F2563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06816711-7C49-47B9-A9D7-FB18CC3F42F2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources."
    },
    {
      "lang": "es",
      "value": "En Spring Cloud Function versiones 3.1.6, 3.2.2 y versiones anteriores no soportadas, cuando es usada la funcionalidad routing es posible que un usuario proporcione un SpEL especialmente dise\u00f1ado como expresi\u00f3n de enrutamiento que puede resultar en la ejecuci\u00f3n de c\u00f3digo remota y el acceso a recursos locales"
    }
  ],
  "id": "CVE-2022-22963",
  "lastModified": "2025-03-13T16:36:53.717",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-04-01T23:15:13.663",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tanzu.vmware.com/security/cve-2022-22963"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tanzu.vmware.com/security/cve-2022-22963"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "security@vmware.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-917"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2022-22963 (GCVE-0-2022-22963)

Vulnerability from cvelistv5

Published

2022-04-01 00:00

Modified

2025-07-30 01:37

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')