var-202203-1506
Vulnerability from variot
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. The Spring Framework insecurely handles PropertyDescriptor objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.CVE-2022-22965 AffectedCVE-2022-22965 Affected. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Description:
A micro version update (from 1.6.4 to 1.6.5) is now available for Red Hat Camel K that includes CVE fixes in the base images, which are documented in the Release Notes document linked in the References section. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Installation instructions are available from the Fuse 7.10 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Low: Red Hat Decision Manager 7.12.1 security update Advisory ID: RHSA-2022:1379-01 Product: Red Hat Decision Manager Advisory URL: https://access.redhat.com/errata/RHSA-2022:1379 Issue date: 2022-04-14 CVE Names: CVE-2022-22965 ==================================================================== 1. Summary:
An update is now available for Red Hat Decision Manager.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and business optimization for solving planning problems. It automates business decisions and makes that logic available to the entire business.
This asynchronous security patch is an update to Red Hat Decision Manager 7.
Security Fix(es):
- spring-webmvc: spring-framework: RCE via Data Binding on JDK 9+ (CVE-2022-22965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
This release upgrades Spring to 5.3.18 and Spring Boot to 2.6.6 which fixes the Spring MVC and WebFlux jars.
For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.
The References section of this erratum contains a download link (you must log in to download the update).
- Bugs fixed (https://bugzilla.redhat.com/):
2070348 - CVE-2022-22965 spring-framework: RCE via Data Binding on JDK 9+
- References:
https://access.redhat.com/security/cve/CVE-2022-22965 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/security/vulnerabilities/RHSB-2022-003 https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=rhdm&version=7.12.1
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYlidHNzjgjWX9erEAQhBihAApV3yXc8aEuRq9fMKL4EnxKcmHt9dgnX2 /Xsdp+isSEvWlE+TC/Ou0tptT1ZPfO3Adm/bXbsboaiq790W+aF8qHEYuA+WxtRW RY9cx4AS/QfRo+puk36QAWUSEx4WzKeU1no/5A7hezcPxIEGP+EdSX4DgDaVW9mB CZndXwiYAzLyYgVFI/y5AJP8CPZTvwFjdunOBDwqqNsKiVgFOjqHMJo/X+yus4bU aFF0BAsA0OVCrjdnWV0fUqF1iON8cbELW7JqkGobM22PZZ6ngxzTXUTbvD1QovLM Cbj2Ay7l7DHH/3v9Hqk7NLpzp/fa9Z/lQ5c+3okHu0QvanphRllsC893/KGGMXfa 7+S3iWFKV2cJ2249z01eZgX30s7rlSlFRTB9hUlitWLiYaMkWWW0iqt0+2cPkjDv zP0hy1pYCyCFLluS85FVqW/9HBItNwReuXp9Vv3JqDy8L5+DIVv4WmSYcr4LCcj2 EC5WsIjNW7G4dL0RCukt+HascGTD+huNbzsrDuln4vQJ2HG+4vmH7Cmmlr4MvpHD Bw4BW6UI8a09axvbUVi2x+w1qTTdiO9J1x4ngaFKjbvItNpT3VRB3YfLcPck1Zv6 DCEC2g11LdPnO2JR5M6t2eMsFlkfLDtqDFotVVzGLBXQWj7I5R2YK+OPrEF2dnXD Pjhf0e6lKl4=xaz4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to in the References section
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-1506",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "communications cloud native core network slice selection function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"model": "communications cloud native core unified data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"model": "access appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "7.4.3"
},
{
"model": "netbackup appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "4.1.0.1"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.2.0"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "financial services enterprise case management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.2.0"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "netbackup flex scale appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "3.0"
},
{
"model": "netbackup virtual appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "4.0.0.1"
},
{
"model": "flex appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "1.3"
},
{
"model": "communications cloud native core console",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"model": "netbackup appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "4.0"
},
{
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2"
},
{
"model": "netbackup flex scale appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "2.1"
},
{
"model": "communications cloud native core automated test suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"model": "financial services behavior detection platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.2.0"
},
{
"model": "financial services behavior detection platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1.0"
},
{
"model": "siveillance identity",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "netbackup appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "4.1"
},
{
"model": "communications cloud native core security edge protection proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"model": "siveillance identity",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.6"
},
{
"model": "communications cloud native core console",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.9.0"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "5.3.18"
},
{
"model": "access appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "7.4.3.200"
},
{
"model": "flex appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "2.0"
},
{
"model": "communications cloud native core automated test suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.9.0"
},
{
"model": "flex appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "2.0.2"
},
{
"model": "flex appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "2.1"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "5.2.20"
},
{
"model": "communications cloud native core network repository function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.5.0"
},
{
"model": "financial services enterprise case management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1.1"
},
{
"model": "communications cloud native core network function cloud native environment",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"model": "communications cloud native core network repository function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"model": "communications cloud native core unified data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "netbackup appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "4.0.0.1"
},
{
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.0"
},
{
"model": "communications cloud native core network exposure function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"model": "operation scheduler",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0.4"
},
{
"model": "financial services behavior detection platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1.1"
},
{
"model": "communications cloud native core security edge protection proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "communications cloud native core network slice selection function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.0.0.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.0.1"
},
{
"model": "sd-wan edge",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "financial services enterprise case management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1.0"
},
{
"model": "communications cloud native core binding support function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.3"
},
{
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "communications cloud native core network slice selection function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "mysql enterprise monitor",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.29"
},
{
"model": "sd-wan edge",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "product lifecycle analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.6.1"
},
{
"model": "retail bulk data integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "communications cloud native core network function cloud native environment",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.10.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "cx cloud agent",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1.0"
},
{
"model": "simatic speech assistant for machines",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.2.1"
},
{
"model": "netbackup virtual appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "4.1.0.1"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0"
},
{
"model": "access appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "7.4.3.100"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.2"
},
{
"model": "flex appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "2.0.1"
},
{
"model": "spring framework",
"scope": "gte",
"trust": 1.0,
"vendor": "vmware",
"version": "5.3.0"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "netbackup virtual appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "4.0"
},
{
"model": "sinec network management system",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.3"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.85"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"model": "netbackup virtual appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "4.1"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.80"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22965"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This document was written by Will DormannWe have not received a statement from the vendor.",
"sources": [
{
"db": "CERT/CC",
"id": "VU#970766"
}
],
"trust": 0.8
},
"cve": "CVE-2022-22965",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-22965",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-411825",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-22965",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-22965",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-2642",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-2514",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-411825",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-22965",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411825"
},
{
"db": "VULMON",
"id": "CVE-2022-22965"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2642"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2514"
},
{
"db": "NVD",
"id": "CVE-2022-22965"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. The Spring Framework insecurely handles PropertyDescriptor objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.CVE-2022-22965 AffectedCVE-2022-22965 Affected. The purpose of this text-only errata is to inform you\nabout the security issues fixed in this release. Description:\n\nA micro version update (from 1.6.4 to 1.6.5) is now available for Red Hat\nCamel K that includes CVE fixes in the base images, which are documented in\nthe Release Notes document linked in the References section. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. \n\nInstallation instructions are available from the Fuse 7.10 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Low: Red Hat Decision Manager 7.12.1 security update\nAdvisory ID: RHSA-2022:1379-01\nProduct: Red Hat Decision Manager\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1379\nIssue date: 2022-04-14\nCVE Names: CVE-2022-22965\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Decision Manager. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and business optimization for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nThis asynchronous security patch is an update to Red Hat Decision Manager\n7. \n\nSecurity Fix(es):\n\n* spring-webmvc: spring-framework: RCE via Data Binding on JDK 9+\n(CVE-2022-22965)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. \n\nThis release upgrades Spring to 5.3.18 and Spring Boot to 2.6.6 which fixes\nthe Spring MVC and WebFlux jars. \n\nFor on-premise installations, before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2070348 - CVE-2022-22965 spring-framework: RCE via Data Binding on JDK 9+\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-22965\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2022-003\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=rhdm\u0026version=7.12.1\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYlidHNzjgjWX9erEAQhBihAApV3yXc8aEuRq9fMKL4EnxKcmHt9dgnX2\n/Xsdp+isSEvWlE+TC/Ou0tptT1ZPfO3Adm/bXbsboaiq790W+aF8qHEYuA+WxtRW\nRY9cx4AS/QfRo+puk36QAWUSEx4WzKeU1no/5A7hezcPxIEGP+EdSX4DgDaVW9mB\nCZndXwiYAzLyYgVFI/y5AJP8CPZTvwFjdunOBDwqqNsKiVgFOjqHMJo/X+yus4bU\naFF0BAsA0OVCrjdnWV0fUqF1iON8cbELW7JqkGobM22PZZ6ngxzTXUTbvD1QovLM\nCbj2Ay7l7DHH/3v9Hqk7NLpzp/fa9Z/lQ5c+3okHu0QvanphRllsC893/KGGMXfa\n7+S3iWFKV2cJ2249z01eZgX30s7rlSlFRTB9hUlitWLiYaMkWWW0iqt0+2cPkjDv\nzP0hy1pYCyCFLluS85FVqW/9HBItNwReuXp9Vv3JqDy8L5+DIVv4WmSYcr4LCcj2\nEC5WsIjNW7G4dL0RCukt+HascGTD+huNbzsrDuln4vQJ2HG+4vmH7Cmmlr4MvpHD\nBw4BW6UI8a09axvbUVi2x+w1qTTdiO9J1x4ngaFKjbvItNpT3VRB3YfLcPck1Zv6\nDCEC2g11LdPnO2JR5M6t2eMsFlkfLDtqDFotVVzGLBXQWj7I5R2YK+OPrEF2dnXD\nPjhf0e6lKl4=xaz4\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to\nin the References section",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22965"
},
{
"db": "CERT/CC",
"id": "VU#970766"
},
{
"db": "VULHUB",
"id": "VHN-411825"
},
{
"db": "VULMON",
"id": "CVE-2022-22965"
},
{
"db": "PACKETSTORM",
"id": "166691"
},
{
"db": "PACKETSTORM",
"id": "166706"
},
{
"db": "PACKETSTORM",
"id": "166715"
},
{
"db": "PACKETSTORM",
"id": "166731"
},
{
"db": "PACKETSTORM",
"id": "166732"
},
{
"db": "PACKETSTORM",
"id": "166874"
},
{
"db": "PACKETSTORM",
"id": "166872"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-411825",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411825"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-22965",
"trust": 3.9
},
{
"db": "CERT/CC",
"id": "VU#970766",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "166713",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "167011",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-254054",
"trust": 1.7
},
{
"db": "CS-HELP",
"id": "SB2022040109",
"trust": 1.2
},
{
"db": "CS-HELP",
"id": "SB2022033109",
"trust": 1.2
},
{
"db": "PACKETSTORM",
"id": "166691",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166732",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166874",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2642",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060811",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070602",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060716",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042734",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042546",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060304",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072038",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071213",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022052302",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042277",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072087",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041951",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042126",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3155",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5097",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1844",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1636",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1593",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1444.8",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1674",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-286-05",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2514",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-411825",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-22965",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166706",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166715",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166731",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166872",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#970766"
},
{
"db": "VULHUB",
"id": "VHN-411825"
},
{
"db": "VULMON",
"id": "CVE-2022-22965"
},
{
"db": "PACKETSTORM",
"id": "166691"
},
{
"db": "PACKETSTORM",
"id": "166706"
},
{
"db": "PACKETSTORM",
"id": "166715"
},
{
"db": "PACKETSTORM",
"id": "166731"
},
{
"db": "PACKETSTORM",
"id": "166732"
},
{
"db": "PACKETSTORM",
"id": "166874"
},
{
"db": "PACKETSTORM",
"id": "166872"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2642"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2514"
},
{
"db": "NVD",
"id": "CVE-2022-22965"
}
]
},
"id": "VAR-202203-1506",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-411825"
}
],
"trust": 0.70416665
},
"last_update_date": "2024-11-24T22:51:37.547000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Spring Framework Fixes for code injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=187595"
},
{
"title": "Red Hat: Low: Red Hat Process Automation Manager 7.12.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221378 - Security Advisory"
},
{
"title": "Red Hat: Low: Red Hat Decision Manager 7.12.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221379 - Security Advisory"
},
{
"title": "Red Hat: Low: Red Hat AMQ Broker 7.9.4 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221627 - Security Advisory"
},
{
"title": "Red Hat: Low: Red Hat Fuse 7.10.2 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221360 - Security Advisory"
},
{
"title": "Red Hat: Low: Red Hat Integration Camel-K 1.6.5 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221333 - Security Advisory"
},
{
"title": "Red Hat: Low: Red Hat Integration Camel Extensions for Quarkus 2.2.1-1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221306 - Security Advisory"
},
{
"title": "Red Hat: Low: Red Hat AMQ Broker 7.8.6 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221626 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: IBM Cloud Pak for Business Automation is affected but not classified as vulnerable by a remote code execution in Spring Framework [CVE-2022-22965]",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e6cbc0e97f1832a63f66e10869253ecf"
},
{
"title": "Cisco: Vulnerability in Spring Framework Affecting Cisco Products: March 2022",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-java-spring-rce-Zx9GUc67"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/coffeehb/Spring4Shell "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22965"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2642"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411825"
},
{
"db": "NVD",
"id": "CVE-2022-22965"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://tanzu.vmware.com/security/cve-2022-22965"
},
{
"trust": 2.9,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-java-spring-rce-zx9guc67"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/166713/spring4shell-code-execution.html"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/167011/spring4shell-spring-framework-class-property-remote-code-execution.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/security/cve/cve-2022-22965"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf"
},
{
"trust": 1.7,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2022-0005"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.2,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022040109"
},
{
"trust": 1.2,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022033109"
},
{
"trust": 1.0,
"url": "https://www.kb.cert.org/vuls/id/970766"
},
{
"trust": 0.8,
"url": "cve-2022-22965 "
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2022-003"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22965"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1674"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072038"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1593"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042126"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-22965/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166874/red-hat-security-advisory-2022-1626-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041951"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042546"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060304"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166691/red-hat-security-advisory-2022-1306-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1844"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166732/red-hat-security-advisory-2022-1379-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070602"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071213"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072087"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060716"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042277"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1444.8"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042734"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060811"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5097"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-286-05"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3155"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1636"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052302"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q1"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1306"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version=2022-q1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1333"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.10.2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1360"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=rhpam\u0026downloadtype=securitypatches\u0026version=7.12.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1378"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1379"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=rhdm\u0026version=7.12.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.8.6"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1626"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1627"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.9.4"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#970766"
},
{
"db": "VULHUB",
"id": "VHN-411825"
},
{
"db": "PACKETSTORM",
"id": "166691"
},
{
"db": "PACKETSTORM",
"id": "166706"
},
{
"db": "PACKETSTORM",
"id": "166715"
},
{
"db": "PACKETSTORM",
"id": "166731"
},
{
"db": "PACKETSTORM",
"id": "166732"
},
{
"db": "PACKETSTORM",
"id": "166874"
},
{
"db": "PACKETSTORM",
"id": "166872"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2642"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2514"
},
{
"db": "NVD",
"id": "CVE-2022-22965"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#970766"
},
{
"db": "VULHUB",
"id": "VHN-411825"
},
{
"db": "VULMON",
"id": "CVE-2022-22965"
},
{
"db": "PACKETSTORM",
"id": "166691"
},
{
"db": "PACKETSTORM",
"id": "166706"
},
{
"db": "PACKETSTORM",
"id": "166715"
},
{
"db": "PACKETSTORM",
"id": "166731"
},
{
"db": "PACKETSTORM",
"id": "166732"
},
{
"db": "PACKETSTORM",
"id": "166874"
},
{
"db": "PACKETSTORM",
"id": "166872"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2642"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2514"
},
{
"db": "NVD",
"id": "CVE-2022-22965"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-31T00:00:00",
"db": "CERT/CC",
"id": "VU#970766"
},
{
"date": "2022-04-01T00:00:00",
"db": "VULHUB",
"id": "VHN-411825"
},
{
"date": "2022-04-01T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22965"
},
{
"date": "2022-04-11T17:36:49",
"db": "PACKETSTORM",
"id": "166691"
},
{
"date": "2022-04-13T15:01:19",
"db": "PACKETSTORM",
"id": "166706"
},
{
"date": "2022-04-13T22:20:55",
"db": "PACKETSTORM",
"id": "166715"
},
{
"date": "2022-04-15T15:24:03",
"db": "PACKETSTORM",
"id": "166731"
},
{
"date": "2022-04-15T15:24:12",
"db": "PACKETSTORM",
"id": "166732"
},
{
"date": "2022-04-27T18:19:24",
"db": "PACKETSTORM",
"id": "166874"
},
{
"date": "2022-04-27T18:18:11",
"db": "PACKETSTORM",
"id": "166872"
},
{
"date": "2022-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-2642"
},
{
"date": "2022-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-2514"
},
{
"date": "2022-04-01T23:15:13.870000",
"db": "NVD",
"id": "CVE-2022-22965"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-19T00:00:00",
"db": "CERT/CC",
"id": "VU#970766"
},
{
"date": "2023-02-09T00:00:00",
"db": "VULHUB",
"id": "VHN-411825"
},
{
"date": "2023-02-09T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22965"
},
{
"date": "2022-04-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-2642"
},
{
"date": "2023-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-2514"
},
{
"date": "2024-11-21T06:47:42.050000",
"db": "NVD",
"id": "CVE-2022-22965"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "166691"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2514"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Spring Framework Code injection vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-2642"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2514"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-2642"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2514"
}
],
"trust": 1.2
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.