CVE-2022-22947

NVD Published Date: March 03, 2022 at 10:15 PM
NVD Last Modified: July 24, 2023 at 01:47 PM
Vulnerability ID: CVE-2022-22947
Severity: CRITICAL
Severity Score: 10.0
Summary
In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
Exploits

https://www.exploit-db.com/exploits/50799

https://github.com/lucksec/Spring-Cloud-Gateway-CVE-2022-22947

https://github.com/whwlsfb/cve-2022-22947-godzilla-memshell

https://github.com/Axx8/CVE-2022-22947_Rce_Exp

https://github.com/tangxiaofeng7/CVE-2022-22947-Spring-Cloud-Gateway

https://github.com/0730Nophone/CVE-2022-22947-

https://github.com/crowsec-edtech/CVE-2022-22947

https://github.com/0x7eTeam/CVE-2022-22947

https://github.com/Tas9er/SpringCloudGatewayRCE

https://github.com/Zh0um1/CVE-2022-22947

https://github.com/M0ge/CVE-2022-22947-Spring-Cloud-Gateway-SpelRCE

https://github.com/viemsr/spring_cloud_gateway_memshell

https://github.com/Wrin9/CVE-2022-22947

https://github.com/B0rn2d/Spring-Cloud-Gateway-Nacos

https://github.com/k3rwin/spring-cloud-gateway-rce

https://github.com/Enokiy/cve-2022-22947-spring-cloud-gateway

https://github.com/4nNns/CVE-2022-22947

https://github.com/dingxiao77/-cve-2022-22947-

https://github.com/twseptian/cve-2022-22947

https://github.com/Vulnmachines/spring-cve-2022-22947

https://github.com/hunzi0/CVE-2022-22947-Rce_POC

https://github.com/YutuSec/SpEL

https://github.com/Arrnitage/CVE-2022-22947_exp

https://github.com/SiJiDo/CVE-2022-22947

https://github.com/mrknow001/CVE-2022-22947

https://github.com/Greetdawn/CVE-2022-22947

https://github.com/anansec/CVE-2022-22947_EXP

https://github.com/sagaryadav8742/springcloudRCE

https://github.com/darkb1rd/cve-2022-22947

https://github.com/nu0l/cve-2022-22947

https://github.com/LY613313/CVE-2022-22947

https://github.com/cgddgc/cve-2022-22947

https://github.com/carlosevieira/CVE-2022-22947

https://github.com/chaosec2021/CVE-2022-22947-POC

https://github.com/march0s1as/CVE-2022-22947

https://github.com/shakeman8/CVE-2022-22947-RCE

https://github.com/aodsec/CVE-2022-22947

https://github.com/An0th3r/CVE-2022-22947-exp

http://packetstormsecurity.com/files/166219/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html

https://github.com/j-jasson/CVE-2022-22947-Spring-Cloud-Gateway-SpelRCE

https://github.com/helloexp/CVE-2022-22947

https://github.com/york-cmd/CVE-2022-22947-goby

https://github.com/Xd-tl/CVE-2022-22947-Rce_POC

https://github.com/F6JO/Burp_VulPscan

https://github.com/stayfoolish777/CVE-2022-22947-POC

https://github.com/Arrnitage/CVE-2022-22947-exp

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

https://twitter.com/MsftSecIntel/status/1525158223514423303

https://github.com/Ha0Liu/CVE-2022-22947

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/spring_cloud_gateway_rce.rb

http://packetstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html

https://github.com/savior-only/CVE-2022-22947

https://github.com/charonlight/SpringExploitGUI

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE ID: CWE-917
