← ExploitWatch
HomeExploited Vulnerabilities

CVE-2022-22947 — Actively Exploited: Spring Cloud Gateway (VMware)

Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.

CVE IDCVE-2022-22947
VendorVMware
ProductSpring Cloud Gateway
Vulnerability nameVMware Spring Cloud Gateway Code Injection Vulnerability
Date added2022-05-16
Remediation due2022-06-06
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionSpring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →