CVE-2022-22963 — Actively Exploited: Spring Cloud (VMware Tanzu)
When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
| CVE ID | CVE-2022-22963 |
|---|---|
| Vendor | VMware Tanzu |
| Product | Spring Cloud |
| Vulnerability name | VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability |
| Date added | 2022-08-25 |
| Remediation due | 2022-09-15 |
| Known ransomware use | Unknown |
| Required action | Apply updates per vendor instructions. |
| Description | When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. |
| Source | CISA Known Exploited Vulnerabilities |
🔍 Search all exploited vulnerabilities →
$1499/mo
Try ExploitWatch →