
7 vulnerabilities found for Spring cloud Gateway by VMware

CVE-2026-22750 (GCVE-0-2026-22750)

Vulnerability from nvd – Published: 2026-04-10 07:32 – Updated: 2026-04-10 12:59
Title
SSL bundle configuration silently bypassed in Spring Cloud Gateway
Summary
When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. As a result, trust material, client certificates or protocol restrictions defined only in the bundle would not be in effect on the gateway's connections. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud Gateway 4.2.0 and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway 4.2.x release newer than 4.2.0, available on Maven Central (https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/). Ideally, if you are not an enterprise customer, you should upgrade to 5.0.2 or 5.1.1, which are the currently supported open source releases.
CWE
  • CWE-15 - External Control of System or Configuration Setting
Assigner
Impacted products
Vendor Product Version
VMware Spring Cloud Gateway Affected: 4.2.0 , < 4.2.1 (ENTERPRISE)
Date Public ?
2026-04-09 14:15

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22750",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-10T12:59:10.606788Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-15",
                "description": "CWE-15 External Control of System or Configuration Setting",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-10T12:59:14.451Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "Spring Cloud Gateway",
          "product": "Spring Cloud Gateway",
          "vendor": "VMware",
          "versions": [
            {
              "lessThan": "4.2.1",
              "status": "affected",
              "version": "4.2.0",
              "versionType": "ENTERPRISE"
            }
          ]
        }
      ],
      "datePublic": "2026-04-09T14:15:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When configuring SSL bundles in Spring Cloud Gateway by using the configuration property\u0026nbsp;\u003ccode\u003espring.ssl.bundle\u003c/code\u003e, the configuration was silently ignored and the default SSL configuration was used instead.\u003cbr\u003eNote: The\u0026nbsp;\u003ccode\u003e4.2.x\u003c/code\u003e\u0026nbsp;branch is no longer under open source support. If you are using Spring Cloud Gateway\u0026nbsp;\u003ccode\u003e4.2.0\u003c/code\u003e\u0026nbsp;and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway\u0026nbsp;\u003ccode\u003e4.2.x\u003c/code\u003e\u0026nbsp;release newer than\u0026nbsp;\u003ccode\u003e4.2.0\u003c/code\u003e\u0026nbsp;\u003ca href=\"https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/\"\u003eavailable on Maven Centeral\u003c/a\u003e. Ideally if you are not an enterprise customer, you should be upgrading to\u0026nbsp;\u003ccode\u003e5.0.2\u003c/code\u003e\u0026nbsp;or\u0026nbsp;\u003ccode\u003e5.1.1\u003c/code\u003e\u0026nbsp;which are the current supported open source releases."
            }
          ],
          "value": "When configuring SSL bundles in Spring Cloud Gateway by using the configuration property\u00a0spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead.\nNote: The\u00a04.2.x\u00a0branch is no longer under open source support. If you are using Spring Cloud Gateway\u00a04.2.0\u00a0and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway\u00a04.2.x\u00a0release newer than\u00a04.2.0\u00a0 available on Maven Centeral https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/ . Ideally if you are not an enterprise customer, you should be upgrading to\u00a05.0.2\u00a0or\u00a05.1.1\u00a0which are the current supported open source releases."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-10T07:32:31.260Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://spring.io/security/cve-2026-22750"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "SSL bundle configuration silently bypassed in Spring Cloud Gateway",
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2026-22750",
    "datePublished": "2026-04-10T07:32:31.260Z",
    "dateReserved": "2026-01-09T06:55:03.990Z",
    "dateUpdated": "2026-04-10T12:59:14.451Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-41235 (GCVE-0-2025-41235)

Vulnerability from nvd – Published: 2025-05-30 05:57 – Updated: 2025-05-30 12:27
Title
CVE-2025-41235: Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies
Summary
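Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies. Downstream services that rely on these headers for client-IP-based decisions (allow-lists, rate limits, audit logs) can therefore receive values chosen by the sender rather than by a trusted proxy.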
CWE
  • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner
Impacted products
Vendor Product Version
VMware Spring cloud Gateway Affected: 2.2.10.RELEASE - 4.2.2, 4.3.0-{M1, M2, RC1} , < 4.3.0, 4.2.3, 4.1.8, 4.0.12, 3.1.10 (oss, commercial)
    VMware Spring Cloud Gateway Server MVC Affected: 4.1.7 - 4.2.2, 4.3.0-{M1, M2, RC1} , < 4.3.0, 4.2.3, 4.1.8 (OSS)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41235",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-30T12:26:59.701790Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-444",
                "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-30T12:27:17.669Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageName": "Spring cloud Gateway",
          "platforms": [
            "Any"
          ],
          "product": "Spring cloud Gateway",
          "vendor": "VMware",
          "versions": [
            {
              "lessThan": "4.3.0, 4.2.3, 4.1.8, 4.0.12, 3.1.10",
              "status": "affected",
              "version": "2.2.10.RELEASE - 4.2.2, 4.3.0-{M1, M2, RC1}",
              "versionType": "oss, commercial"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "Spring cloud Gateway Server MVC",
          "platforms": [
            "Any"
          ],
          "product": "Spring Cloud Gateway Server MVC",
          "vendor": "VMware",
          "versions": [
            {
              "lessThan": "4.3.0, 4.2.3, 4.1.8",
              "status": "affected",
              "version": "4.1.7 - 4.2.2, 4.3.0-{M1, M2, RC1}",
              "versionType": "OSS"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSpring Cloud Gateway Server forwards the \u003ccode\u003eX-Forwarded-For\u003c/code\u003e\u0026nbsp;and \u003ccode\u003eForwarded\u003c/code\u003e\u0026nbsp;headers from untrusted proxies.\u003c/p\u003e"
            }
          ],
          "value": "Spring Cloud Gateway Server forwards the X-Forwarded-For\u00a0and Forwarded\u00a0headers from untrusted proxies."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-30T05:57:16.411Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://spring.io/security/cve-2025-41235"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "CVE-2025-41235: Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2025-41235",
    "datePublished": "2025-05-30T05:57:16.411Z",
    "dateReserved": "2025-04-16T09:30:17.798Z",
    "dateUpdated": "2025-05-30T12:27:17.669Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2026-22750 (GCVE-0-2026-22750)

Vulnerability from cvelistv5 – Published: 2026-04-10 07:32 – Updated: 2026-04-10 12:59
Title
SSL bundle configuration silently bypassed in Spring Cloud Gateway
Summary
When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. As a result, trust material, client certificates or protocol restrictions defined only in the bundle would not be in effect on the gateway's connections. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud Gateway 4.2.0 and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway 4.2.x release newer than 4.2.0, available on Maven Central (https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/). Ideally, if you are not an enterprise customer, you should upgrade to 5.0.2 or 5.1.1, which are the currently supported open source releases.
CWE
  • CWE-15 - External Control of System or Configuration Setting
Assigner
Impacted products
Vendor Product Version
VMware Spring Cloud Gateway Affected: 4.2.0 , < 4.2.1 (ENTERPRISE)
Date Public ?
2026-04-09 14:15

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22750",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-10T12:59:10.606788Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-15",
                "description": "CWE-15 External Control of System or Configuration Setting",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-10T12:59:14.451Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "Spring Cloud Gateway",
          "product": "Spring Cloud Gateway",
          "vendor": "VMware",
          "versions": [
            {
              "lessThan": "4.2.1",
              "status": "affected",
              "version": "4.2.0",
              "versionType": "ENTERPRISE"
            }
          ]
        }
      ],
      "datePublic": "2026-04-09T14:15:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When configuring SSL bundles in Spring Cloud Gateway by using the configuration property\u0026nbsp;\u003ccode\u003espring.ssl.bundle\u003c/code\u003e, the configuration was silently ignored and the default SSL configuration was used instead.\u003cbr\u003eNote: The\u0026nbsp;\u003ccode\u003e4.2.x\u003c/code\u003e\u0026nbsp;branch is no longer under open source support. If you are using Spring Cloud Gateway\u0026nbsp;\u003ccode\u003e4.2.0\u003c/code\u003e\u0026nbsp;and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway\u0026nbsp;\u003ccode\u003e4.2.x\u003c/code\u003e\u0026nbsp;release newer than\u0026nbsp;\u003ccode\u003e4.2.0\u003c/code\u003e\u0026nbsp;\u003ca href=\"https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/\"\u003eavailable on Maven Centeral\u003c/a\u003e. Ideally if you are not an enterprise customer, you should be upgrading to\u0026nbsp;\u003ccode\u003e5.0.2\u003c/code\u003e\u0026nbsp;or\u0026nbsp;\u003ccode\u003e5.1.1\u003c/code\u003e\u0026nbsp;which are the current supported open source releases."
            }
          ],
          "value": "When configuring SSL bundles in Spring Cloud Gateway by using the configuration property\u00a0spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead.\nNote: The\u00a04.2.x\u00a0branch is no longer under open source support. If you are using Spring Cloud Gateway\u00a04.2.0\u00a0and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway\u00a04.2.x\u00a0release newer than\u00a04.2.0\u00a0 available on Maven Centeral https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/ . Ideally if you are not an enterprise customer, you should be upgrading to\u00a05.0.2\u00a0or\u00a05.1.1\u00a0which are the current supported open source releases."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-10T07:32:31.260Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://spring.io/security/cve-2026-22750"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "SSL bundle configuration silently bypassed in Spring Cloud Gateway",
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2026-22750",
    "datePublished": "2026-04-10T07:32:31.260Z",
    "dateReserved": "2026-01-09T06:55:03.990Z",
    "dateUpdated": "2026-04-10T12:59:14.451Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-41235 (GCVE-0-2025-41235)

Vulnerability from cvelistv5 – Published: 2025-05-30 05:57 – Updated: 2025-05-30 12:27
Title
CVE-2025-41235: Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies
Summary
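Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies. Downstream services that rely on these headers for client-IP-based decisions (allow-lists, rate limits, audit logs) can therefore receive values chosen by the sender rather than by a trusted proxy.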
CWE
  • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner
Impacted products
Vendor Product Version
VMware Spring cloud Gateway Affected: 2.2.10.RELEASE - 4.2.2, 4.3.0-{M1, M2, RC1} , < 4.3.0, 4.2.3, 4.1.8, 4.0.12, 3.1.10 (oss, commercial)
    VMware Spring Cloud Gateway Server MVC Affected: 4.1.7 - 4.2.2, 4.3.0-{M1, M2, RC1} , < 4.3.0, 4.2.3, 4.1.8 (OSS)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41235",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-30T12:26:59.701790Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-444",
                "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-30T12:27:17.669Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageName": "Spring cloud Gateway",
          "platforms": [
            "Any"
          ],
          "product": "Spring cloud Gateway",
          "vendor": "VMware",
          "versions": [
            {
              "lessThan": "4.3.0, 4.2.3, 4.1.8, 4.0.12, 3.1.10",
              "status": "affected",
              "version": "2.2.10.RELEASE - 4.2.2, 4.3.0-{M1, M2, RC1}",
              "versionType": "oss, commercial"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "Spring cloud Gateway Server MVC",
          "platforms": [
            "Any"
          ],
          "product": "Spring Cloud Gateway Server MVC",
          "vendor": "VMware",
          "versions": [
            {
              "lessThan": "4.3.0, 4.2.3, 4.1.8",
              "status": "affected",
              "version": "4.1.7 - 4.2.2, 4.3.0-{M1, M2, RC1}",
              "versionType": "OSS"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSpring Cloud Gateway Server forwards the \u003ccode\u003eX-Forwarded-For\u003c/code\u003e\u0026nbsp;and \u003ccode\u003eForwarded\u003c/code\u003e\u0026nbsp;headers from untrusted proxies.\u003c/p\u003e"
            }
          ],
          "value": "Spring Cloud Gateway Server forwards the X-Forwarded-For\u00a0and Forwarded\u00a0headers from untrusted proxies."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-30T05:57:16.411Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://spring.io/security/cve-2025-41235"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "CVE-2025-41235: Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2025-41235",
    "datePublished": "2025-05-30T05:57:16.411Z",
    "dateReserved": "2025-04-16T09:30:17.798Z",
    "dateUpdated": "2025-05-30T12:27:17.669Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

VAR-202203-0233

Vulnerability from variot - Updated: 2025-11-18 13:35

In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host. The affected system may also be left in a denial-of-service (DoS) state.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202203-0233",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "communications cloud native core network repository function",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.15.1"
      },
      {
        "model": "communications cloud native core network repository function",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.2"
      },
      {
        "model": "spring cloud gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "3.0.7"
      },
      {
        "model": "communications cloud native core network repository function",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.2.0"
      },
      {
        "model": "communications cloud native core network slice selection function",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.8.0"
      },
      {
        "model": "communications cloud native core network exposure function",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.0"
      },
      {
        "model": "communications cloud native core service communication proxy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.15.0"
      },
      {
        "model": "communications cloud native core network function cloud native environment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.10.0"
      },
      {
        "model": "communications cloud native core security edge protection proxy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.1"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.3.2"
      },
      {
        "model": "communications cloud native core network repository function",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.15.0"
      },
      {
        "model": "communications cloud native core binding support function",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.3"
      },
      {
        "model": "spring cloud gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "3.1.0"
      },
      {
        "model": "communications cloud native core binding support function",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.11.0"
      },
      {
        "model": "communications cloud native core network slice selection function",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.0"
      },
      {
        "model": "communications cloud native core console",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.2.0"
      },
      {
        "model": "oracle communications cloud native core network repository function",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e9\u30af\u30eb",
        "version": null
      },
      {
        "model": "spring cloud gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": "oracle communications cloud native core network function cloud native environment",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e9\u30af\u30eb",
        "version": null
      },
      {
        "model": "oracle communications cloud native core network slice selection function",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e9\u30af\u30eb",
        "version": null
      },
      {
        "model": "oracle communications cloud native core service communication proxy",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e9\u30af\u30eb",
        "version": null
      },
      {
        "model": "oracle communications cloud native core security edge protection proxy",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e9\u30af\u30eb",
        "version": null
      },
      {
        "model": "oracle communications cloud native core network exposure function",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e9\u30af\u30eb",
        "version": null
      },
      {
        "model": "oracle communications cloud native core binding support function",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e9\u30af\u30eb",
        "version": null
      },
      {
        "model": "oracle communications cloud native core console",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e9\u30af\u30eb",
        "version": null
      },
      {
        "model": "oracle commerce guided search",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e9\u30af\u30eb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007709"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22947"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Carlos E. Vieir",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-161"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2022-22947",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2022-22947",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-411807",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-22947",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 10.0,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-22947",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-22947",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2022-22947",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-22947",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202203-161",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-411807",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-22947",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411807"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22947"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-161"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007709"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22947"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22947"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host. The affected system may be put into a denial-of-service (DoS) state.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22947"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007709"
      },
      {
        "db": "VULHUB",
        "id": "VHN-411807"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22947"
      }
    ],
    "trust": 1.8
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-411807",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411807"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-22947",
        "trust": 3.4
      },
      {
        "db": "PACKETSTORM",
        "id": "168742",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "166219",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007709",
        "trust": 0.8
      },
      {
        "db": "EXPLOIT-DB",
        "id": "50799",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2022042264",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022030313",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022042263",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022071955",
        "trust": 0.6
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2022030035",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-161",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-411807",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22947",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411807"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22947"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-161"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007709"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22947"
      }
    ]
  },
  "id": "VAR-202203-0233",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411807"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-11-18T13:35:47.514000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0April\u00a02022 Oracle\u00a0Critical\u00a0Patch\u00a0Update",
        "trust": 0.8,
        "url": "https://tanzu.vmware.com/security/cve-2022-22947"
      },
      {
        "title": "VMware Spring Cloud Gateway Fixes for code injection vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=184589"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/kmahyyg/CVE-2022-22947 "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/PyterSmithDarkGhost/VMWARECODEINJECTIONATTACKCVE-2022-22947 "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/trhacknon/CVE-2022-22947 "
      },
      {
        "title": "CVE-2022-22947-Spring-Cloud",
        "trust": 0.1,
        "url": "https://github.com/michaelklaan/CVE-2022-22947-Spring-Cloud "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/ananorabei/POCS "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-22947"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-161"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007709"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-917",
        "trust": 1.0
      },
      {
        "problemtype": "Code injection (CWE-94) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411807"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007709"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22947"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/168742/spring-cloud-gateway-3.1.0-remote-code-execution.html"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/166219/spring-cloud-gateway-3.1.0-remote-code-execution.html"
      },
      {
        "trust": 2.3,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 1.7,
        "url": "https://tanzu.vmware.com/security/cve-2022-22947"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
      },
      {
        "trust": 1.0,
        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2022-22947"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22947"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022042264"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/oracle-communications-vulnerabilities-of-april-2022-38100"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-22947/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022042263"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/issue/wlb-2022030035"
      },
      {
        "trust": 0.6,
        "url": "https://www.exploit-db.com/exploits/50799"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022030313"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022071955"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411807"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-161"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007709"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22947"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-411807"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22947"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-161"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007709"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22947"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-03-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-411807"
      },
      {
        "date": "2022-03-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22947"
      },
      {
        "date": "2022-03-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202203-161"
      },
      {
        "date": "2023-07-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-007709"
      },
      {
        "date": "2022-03-03T22:15:08.673000",
        "db": "NVD",
        "id": "CVE-2022-22947"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-10-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-411807"
      },
      {
        "date": "2023-07-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22947"
      },
      {
        "date": "2023-07-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202203-161"
      },
      {
        "date": "2023-07-20T07:16:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-007709"
      },
      {
        "date": "2025-10-30T20:04:45.970000",
        "db": "NVD",
        "id": "CVE-2022-22947"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-161"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Code injection vulnerability in spring\u00a0cloud\u00a0gateway",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007709"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-161"
      }
    ],
    "trust": 0.6
  }
}

VAR-202203-0234

Vulnerability from variot - Updated: 2024-11-23 20:00

In spring cloud gateway versions prior to 3.1.1+, applications that are configured to enable HTTP2 and have no key store or trusted certificates set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates. A certificate validation vulnerability exists in spring cloud gateway. Information may be tampered with.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202203-0234",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "spring cloud gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "3.1.0"
      },
      {
        "model": "communications cloud native core binding support function",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.3"
      },
      {
        "model": "communications cloud native core security edge protection proxy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.1"
      },
      {
        "model": "communications cloud native core network repository function",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.2"
      },
      {
        "model": "communications cloud native core network repository function",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.2.0"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.3.2"
      },
      {
        "model": "communications cloud native core console",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.2.0"
      },
      {
        "model": "oracle communications cloud native core console",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e9\u30af\u30eb",
        "version": null
      },
      {
        "model": "oracle commerce guided search",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e9\u30af\u30eb",
        "version": null
      },
      {
        "model": "oracle communications cloud native core network repository function",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e9\u30af\u30eb",
        "version": null
      },
      {
        "model": "spring cloud gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": "oracle communications cloud native core binding support function",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e9\u30af\u30eb",
        "version": null
      },
      {
        "model": "oracle communications cloud native core security edge protection proxy",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e9\u30af\u30eb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007989"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22946"
      }
    ]
  },
  "cve": "CVE-2022-22946",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-22946",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "VHN-411806",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.8,
            "id": "CVE-2022-22946",
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2022-22946",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-22946",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-22946",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202203-158",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-411806",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-22946",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411806"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22946"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007989"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-158"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22946"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In spring cloud gateway versions prior to 3.1.1+, applications that are configured to enable HTTP2 and have no key store or trusted certificates set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates. A certificate validation vulnerability exists in spring cloud gateway. Information may be tampered with.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22946"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007989"
      },
      {
        "db": "VULHUB",
        "id": "VHN-411806"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22946"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-22946",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007989",
        "trust": 0.8
      },
      {
        "db": "CS-HELP",
        "id": "SB2022030313",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-158",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-411806",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22946",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411806"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22946"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007989"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-158"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22946"
      }
    ]
  },
  "id": "VAR-202203-0234",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411806"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:00:59.890000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0July\u00a02022",
        "trust": 0.8,
        "url": "https://spring.io/security/cve-2022-22946"
      },
      {
        "title": "VMware Spring Cloud Gateway Fixing measures for security feature vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184954"
      },
      {
        "title": "Spring_CVE_2022_22947\n\u5f71  \u54cd\u8303\u56f4 :\n\u7f13\u89e3\u65b9\u6cd5 \uff1a\npoc\u6f0f\u6d1e\u5229\u7528:\n\u7b2c\u4e8c\u6bb5poc\u5229\u7528:\n\u5229\u7528\u65b9\u6cd5:",
        "trust": 0.1,
        "url": "https://github.com/wjl110/Spring_CVE_2022_22947 "
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/AlphabugX/CVE-2022-23305 "
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/AlphabugX/CVE-2022-RCE "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-22946"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007989"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-158"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-295",
        "trust": 1.1
      },
      {
        "problemtype": "Illegal certificate verification (CWE-295) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411806"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007989"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22946"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://tanzu.vmware.com/security/cve-2022-22946"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22946"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-22946/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022030313"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/295.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/wjl110/spring_cve_2022_22947"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411806"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22946"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007989"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-158"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22946"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-411806"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22946"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007989"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-158"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22946"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-03-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-411806"
      },
      {
        "date": "2022-03-04T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22946"
      },
      {
        "date": "2023-07-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-007989"
      },
      {
        "date": "2022-03-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202203-158"
      },
      {
        "date": "2022-03-04T16:15:10.377000",
        "db": "NVD",
        "id": "CVE-2022-22946"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-411806"
      },
      {
        "date": "2023-02-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22946"
      },
      {
        "date": "2023-07-24T02:03:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-007989"
      },
      {
        "date": "2022-07-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202203-158"
      },
      {
        "date": "2024-11-21T06:47:39.557000",
        "db": "NVD",
        "id": "CVE-2022-22946"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-158"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "spring\u00a0cloud\u00a0gateway\u00a0 Certificate validation vulnerabilities in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007989"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-158"
      }
    ],
    "trust": 0.6
  }
}

VAR-202111-0105

Vulnerability from variot - Updated: 2024-08-14 14:25

Applications using Spring Cloud Gateway are vulnerable to specially crafted requests that could result in an extra request being made to downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer. Spring Cloud Gateway contains an incorrect authorization vulnerability (CWE-863). Information may be tampered with.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202111-0105",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "spring cloud gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "3.0.5"
      },
      {
        "model": "spring cloud gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "2.2.10"
      },
      {
        "model": "spring cloud gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "3.0.0"
      },
      {
        "model": "spring cloud gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "2.2.10"
      },
      {
        "model": "spring cloud gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "3.0.5+"
      },
      {
        "model": "spring cloud gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014750"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22051"
      }
    ]
  },
  "cve": "CVE-2021-22051",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2021-22051",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "VHN-380460",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2021-22051",
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-22051",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-22051",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-22051",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202111-678",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-380460",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-380460"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014750"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-678"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22051"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer. Spring Cloud Gateway Exists in a fraudulent authentication vulnerability.Information may be tampered with",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-22051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014750"
      },
      {
        "db": "VULHUB",
        "id": "VHN-380460"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-22051",
        "trust": 3.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014750",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-678",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-380460",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-380460"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014750"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-678"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22051"
      }
    ]
  },
  "id": "VAR-202111-0105",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-380460"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-08-14T14:25:08.516000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2021-22051",
        "trust": 0.8,
        "url": "https://tanzu.vmware.com/security/cve-2021-22051"
      },
      {
        "title": "Spring Cloud Gateway Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=169343"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014750"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-678"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-863",
        "trust": 1.1
      },
      {
        "problemtype": "Illegal authentication (CWE-863) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-380460"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014750"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22051"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://tanzu.vmware.com/security/cve-2021-22051"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22051"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-380460"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014750"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-678"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22051"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-380460"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014750"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-678"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22051"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-11-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-380460"
      },
      {
        "date": "2022-10-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-014750"
      },
      {
        "date": "2021-11-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202111-678"
      },
      {
        "date": "2021-11-08T14:15:07.860000",
        "db": "NVD",
        "id": "CVE-2021-22051"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-11-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-380460"
      },
      {
        "date": "2022-10-27T04:52:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-014750"
      },
      {
        "date": "2021-11-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202111-678"
      },
      {
        "date": "2021-11-09T22:13:10.783000",
        "db": "NVD",
        "id": "CVE-2021-22051"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-678"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Spring\u00a0Cloud\u00a0Gateway\u00a0 Fraud related to unauthorized authentication in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014750"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-678"
      }
    ],
    "trust": 0.6
  }
}