CVE-2022-22965 - Remote code execution
Original CVE data
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Cisco - (1)
Oracle - (26)
Siemens - (5)
Veritas - (5)
Vmware - (1)
Common vulnerability metrics
Remote code execution
Exploits are available either through exploit packs, Github repos or the world wide web in general.
Vulnerability is referenced under CISA's Known Exploited Vulnerabilities (KEV) catalog. See the KEV Catalog
Vulnerability is mentioned or trending in social media.
Vulnerability is being actively exploited by threat actors during campaigns.
How the vulnerability maps against various cybersecurity frameworks
How the submited vulnerability affects compliance
Web Application Security Frameworks
Applicable if the issue likely affects a web application