Vulnerability Details: CVE-2022-22947


CVE Name: CVE-2022-22947: Code Execution vulnerability in VMware Spring Cloud Gateway
Description: In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
Publish date: 2022-03-03T22:15Z
Last Update: 2022-04-20T00:16Z

CVSS Scores & Vulnerability Types


CVSS Score
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Vulnerability Type(s): Code Execution
CWE ID: 94

Products Affected By CVE-2022-22947


#  Vendor  Product               Vulnerable Versions
1  VMware  Spring Cloud Gateway  2

Detail of Versions Affected


#  Product Type  Vendor  Product               Version
1  Application   VMware  Spring Cloud Gateway  *
2  Application   VMware  Spring Cloud Gateway  3.1.0