
CVE-2022-22965 Report - Details, Severity, Advisories and More

Twingate Team

Dec 9, 2023

CVE-2022-22965 is a critical remote code execution (RCE) vulnerability affecting Spring MVC and Spring WebFlux applications running on JDK 9 or higher. With a CVSS base score of 9.8 (Critical), this vulnerability is exploitable through Spring's data binding and specifically impacts applications deployed on Tomcat as a WAR. To mitigate the risk, users should upgrade to the fixed versions of the Spring Framework (5.3.18+ for 5.3.x users and 5.2.20+ for 5.2.x users). For more information, visit the CVE-2022-22965 page on the Spring website and the National Vulnerability Database page.

How do I know if I'm affected by CVE-2022-22965?

If you're running a Spring MVC or Spring WebFlux application on JDK 9 or higher, you might be affected by CVE-2022-22965. The vulnerability can lead to remote code execution (RCE) via data binding, but only when the application is deployed as a WAR on Tomcat. Affected Spring Framework versions are 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions that are no longer supported. To check whether you're affected, verify your JDK version, your application's deployment method, and the Spring Framework version bundled with it.

What should I do if I'm affected by CVE-2022-22965?

If you're affected by the CVE-2022-22965 vulnerability, it's crucial to take action to secure your system. To do this, follow these simple steps:

  1. Upgrade to Spring Framework version 5.3.18+ if using version 5.3.x.

  2. Upgrade to Spring Framework version 5.2.20+ if using version 5.2.x.

  3. If you can't upgrade to the fixed versions, follow additional mitigation steps described in the Spring Framework's security advisory.

By following these steps, you can help protect your system from potential attacks exploiting this vulnerability.
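The following Python helper is an added example, not part of the original report or of the Spring project. It applies the checks from the two sections above: it lists the Spring Framework jars bundled under WEB-INF/lib of a WAR, compares each version against the affected ranges stated here (5.3.0 to 5.3.17, 5.2.0 to 5.2.19, plus unsupported older lines), and names the fixed version to move to. The jar-name pattern, the `java -version` parsing, and the in-memory sample WAR are assumptions of the example; the JDK 9+ and Tomcat preconditions still have to be confirmed on the host itself.

```python
"""Inventory check for CVE-2022-22965 (Spring Framework RCE) on a WAR deployment."""
import io
import re
import zipfile

# Affected ranges as given in the advisory (inclusive) and the fixed version for each line.
AFFECTED_LINES = {
    (5, 3): {"low": (5, 3, 0), "high": (5, 3, 17), "fix": "5.3.18"},
    (5, 2): {"low": (5, 2, 0), "high": (5, 2, 19), "fix": "5.2.20"},
}

# Assumed naming of the Spring Framework jars that carry the framework version, e.g.
# spring-core-5.3.17.jar or spring-webmvc-5.2.19.RELEASE.jar (5.2.x used a .RELEASE suffix).
SPRING_JAR_RE = re.compile(
    r"spring-(?:core|beans|context|web|webmvc|webflux)-(\d+)\.(\d+)\.(\d+)[^/]*\.jar$"
)


def parse_version(text):
    """Parse '5.3.17' or '5.2.19.RELEASE' into a (major, minor, patch) tuple; None if unparseable."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:[.-][A-Za-z0-9]+)?", text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def assess_version(text):
    """Classify a Spring Framework version string using the advisory's ranges.

    Returns (status, fix): status is 'affected', 'affected-unsupported', 'not-affected'
    or 'unknown'; fix is the version to upgrade to, or None when no upgrade is needed.
    """
    v = parse_version(text)
    if v is None:
        return "unknown", None
    line = AFFECTED_LINES.get(v[:2])
    if line is not None:
        if line["low"] <= v <= line["high"]:
            return "affected", line["fix"]
        return "not-affected", None
    if v < (5, 2, 0):
        # Older lines are out of support and received no fix; move to a supported fixed line.
        return "affected-unsupported", AFFECTED_LINES[(5, 3)]["fix"]
    return "not-affected", None


def jdk_major(version_output):
    """Extract the JDK major from `java -version` output ('1.8.0_292' -> 8, '17.0.1' -> 17)."""
    m = re.search(r'version "(\d+)(?:\.(\d+))?', version_output)
    if not m:
        return None
    major = int(m.group(1))
    if major == 1 and m.group(2):  # legacy 1.x numbering (JDK 8 and earlier)
        return int(m.group(2))
    return major


def scan_war(war_bytes):
    """List Spring Framework jars under WEB-INF/lib of a WAR and classify each one."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for name in war.namelist():
            m = SPRING_JAR_RE.search(name) if name.startswith("WEB-INF/lib/") else None
            if m:
                version = ".".join(m.groups())
                status, fix = assess_version(version)
                findings.append({"jar": name, "version": version, "status": status, "fix": fix})
    return findings


def needs_upgrade(findings):
    """True if any bundled Spring Framework jar falls in an affected range."""
    return any(f["status"].startswith("affected") for f in findings)


def build_sample_war(spring_version):
    """Construct a minimal in-memory WAR (sample data for the example, not a real application)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        war.writestr("WEB-INF/web.xml", "<web-app/>")
        war.writestr(f"WEB-INF/lib/spring-core-{spring_version}.jar", b"")
        war.writestr(f"WEB-INF/lib/spring-webmvc-{spring_version}.jar", b"")
        war.writestr("WEB-INF/lib/commons-io-2.11.0.jar", b"")  # unrelated jar, ignored
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed `java -version` output; on a real host, capture it from the JVM that runs Tomcat.
    print("JDK 9+ precondition met:", jdk_major('openjdk version "17.0.1" 2021-10-19') >= 9)
    for sample in ("5.3.17", "5.2.19.RELEASE", "5.3.18"):
        results = scan_war(build_sample_war(sample))
        print(f"Spring {sample}: needs upgrade = {needs_upgrade(results)}")
        for f in results:
            print(f"  {f['jar']}: {f['status']}" + (f" -> upgrade to {f['fix']}" if f["fix"] else ""))
```

To use it against a real artifact, read the deployed WAR's bytes and pass them to `scan_war`; a result of `needs_upgrade(...) == True` maps directly onto steps 1 and 2 above, and the `fix` field tells you which of the two fixed lines applies. The check is version-based only, so a WAR that bundles a fixed Spring release but is otherwise misconfigured still warrants reading the Spring advisory's additional mitigations in step 3.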

Where can I go to learn more?

Below, you’ll find several additional resources related to the CVE-2022-22965 vulnerability. These resources offer more information on the exploit, patches, and mitigation strategies. For a better understanding, check out the following resources:

Is CVE-2022-22965 in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2022-22965 vulnerability, also known as "Spring Framework JDK 9+ Remote Code Execution Vulnerability," is indeed in CISA's Known Exploited Vulnerabilities Catalog. It was added on April 4, 2022, and has a due date of April 25, 2022. The required action is to apply updates per vendor instructions. In simple terms, this vulnerability affects certain Spring MVC or Spring WebFlux applications running on JDK 9 or higher and deployed on Apache Tomcat as a WAR deployment, allowing attackers to execute remote code. Upgrading to the recommended versions is the primary mitigation step.

Weakness enumeration

CVE-2022-22965 is classified under CWE-94, Improper Control of Generation of Code ("Code Injection"): attacker-controlled request data reaches Spring's data binding in Spring MVC or Spring WebFlux applications running on JDK 9+ and deployed on Tomcat as a WAR, and can be turned into code execution.

For more details

Because CVE-2022-22965 poses a significant risk to affected systems, organizations should take the necessary precautions to mitigate the risks associated with this critical security issue. For more information about the CVE-2022-22965 vulnerability, visit the National Vulnerability Database page.
