VMware Spring Cloud Gateway Code Injection Vulnerability

Technical Severity

CRITICAL

10 / 10

Minimal Risk Critical

Vector Specification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitation Likelihood

94.46 %

Predictive Probability

Percentile Rank

100.0 th

Documented as more likely to be exploited than 100.0% of known CVEs.

Detection Date

May 16, 2022

Remediation Due

Jun 06, 2022

CISA Catalog Active

Threat Analysis

Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.

Apply updates per vendor instructions.

Vendor Identity

VMware

Affected Product

Spring Cloud Gateway

Ransomware Status

Campaign Use Unknown

Weakness Classification

CWE-94

National Vulnerability Database

https://nvd.nist.gov/vuln/detail/CVE-2022-22947