CVE-2022-22947 - VMware Spring Cloud Gateway Code Injection Vulnerability
Project:VMware
Product:Spring Cloud Gateway
Date Added:2022-05-16Due Date:2022-06-06
Vulnerability Name
VMware Spring Cloud Gateway Code Injection Vulnerability
Description
Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-22947