
CVE-2022-22946

Published: 04/03/2022 Updated: 22/02/2023
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

In Spring Cloud Gateway versions before 3.1.1+, applications that are configured to enable HTTP2 and have no key store or trusted certificates set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.

Vulnerable Product

vmware spring cloud gateway 3.1.0

oracle commerce guided search 11.3.2

oracle communications cloud native core binding support function 22.1.3

oracle communications cloud native core network repository function 22.2.0

oracle communications cloud native core security edge protection proxy 22.1.1

oracle communications cloud native core console 22.2.0

oracle communications cloud native core network repository function 22.1.2

Github Repositories

Spring_CVE_2022_22947: Spring Cloud Gateway high-risk vulnerability CVE, PoC exploit, one-click exploitation, works out of the box

Spring_CVE_2022_22947 Vulnerability description: Spring Cloud Gateway: an attack on the API gateway in Spring. Versions 310 and 306 (inclusive) and earlier contain a SpEL expression plugin; where a developer can make use of the Actuator API's execution, it will be this vulnerability's command choice