CVE-2022-22965 - Vulnerability Details

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is in the KEV database since April 4, 2022.

The EPSS score is 0.94428.

Exploitation active

Automatable yes

Technical Impact total

Vendors	Products
Cisco Subscribe	Cx Cloud Agent Subscribe
Oracle Subscribe	Commerce Platform Subscribe Communications Cloud Native Core Automated Test Suite Subscribe Communications Cloud Native Core Binding Support Function Subscribe Communications Cloud Native Core Console Subscribe Communications Cloud Native Core Network Exposure Function Subscribe Communications Cloud Native Core Network Function Cloud Native Environment Subscribe Communications Cloud Native Core Network Repository Function Subscribe Communications Cloud Native Core Network Slice Selection Function Subscribe Communications Cloud Native Core Policy Subscribe Communications Cloud Native Core Security Edge Protection Proxy Subscribe Communications Cloud Native Core Unified Data Repository Subscribe Communications Policy Management Subscribe Communications Unified Inventory Management Subscribe Financial Services Analytical Applications Infrastructure Subscribe Financial Services Behavior Detection Platform Subscribe Financial Services Enterprise Case Management Subscribe Jdk Subscribe Mysql Enterprise Monitor Subscribe Product Lifecycle Analytics Subscribe Retail Bulk Data Integration Subscribe Retail Customer Management And Segmentation Foundation Subscribe Retail Financial Integration Subscribe Retail Integration Bus Subscribe Retail Merchandising System Subscribe Retail Xstore Point Of Service Subscribe Sd-wan Edge Subscribe Weblogic Server Subscribe
Redhat Subscribe	Amq Broker Subscribe Camel Quarkus Subscribe Integration Subscribe Jboss Enterprise Bpms Platform Subscribe Jboss Enterprise Brms Platform Subscribe Jboss Fuse Subscribe
Siemens Subscribe	Operation Scheduler Subscribe Simatic Speech Assistant For Machines Subscribe Sinec Network Management System Subscribe Sipass Integrated Subscribe Siveillance Identity Subscribe
Veritas Subscribe	Access Appliance Subscribe Flex Appliance Subscribe Netbackup Appliance Subscribe Netbackup Flex Scale Appliance Subscribe Netbackup Virtual Appliance Subscribe
Vmware Subscribe	Spring Framework Subscribe

Configuration 1 [-]

AND

OR	cpe:2.3:a:vmware:spring_framework::::::::
	cpe:2.3:a:vmware:spring_framework::::::::

cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:cisco:cx_cloud_agent:*:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.15.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:::::::*
	cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:::::::*
	cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:::::::*
	cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:::::::*
	cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:::::::*
	cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:::::::*
	cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::
	cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:::::::*
	cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:::::::*
	cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.0:::::::*
	cpe:2.3:a:oracle:sd-wan_edge:9.0:::::::*
	cpe:2.3:a:oracle:sd-wan_edge:9.1:::::::*
	cpe:2.3:a:siemens:operation_scheduler::::::::
	cpe:2.3:a:siemens:sipass_integrated:2.80:::::::*
	cpe:2.3:a:siemens:sipass_integrated:2.85:::::::*
	cpe:2.3:a:siemens:siveillance_identity:1.5:::::::*
	cpe:2.3:a:siemens:siveillance_identity:1.6:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:veritas:access_appliance:7.4.3:::::::*
	cpe:2.3:a:veritas:access_appliance:7.4.3.100:::::::*
	cpe:2.3:a:veritas:access_appliance:7.4.3.200:::::::*

Configuration 5 [-]

OR	cpe:2.3:a:veritas:access_appliance:7.4.3:::::::*
	cpe:2.3:a:veritas:access_appliance:7.4.3.100:::::::*
	cpe:2.3:a:veritas:access_appliance:7.4.3.200:::::::*
	cpe:2.3:a:veritas:flex_appliance:1.3:::::::*
	cpe:2.3:a:veritas:flex_appliance:2.0:::::::*
	cpe:2.3:a:veritas:flex_appliance:2.0.1:::::::*
	cpe:2.3:a:veritas:flex_appliance:2.0.2:::::::*
	cpe:2.3:a:veritas:flex_appliance:2.1:::::::*
	cpe:2.3:a:veritas:netbackup_flex_scale_appliance:2.1:::::::*
	cpe:2.3:a:veritas:netbackup_flex_scale_appliance:3.0:::::::*
	cpe:2.3:h:veritas:netbackup_appliance:4.0:::::::*
	cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1::::::
	cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2::::::
	cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3::::::
	cpe:2.3:h:veritas:netbackup_appliance:4.1:::::::*
	cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1::::::
	cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2::::::
	cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0:::::::*
	cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release1::::::
	cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release2::::::
	cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release3::::::
	cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1:::::::*
	cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release1::::::
	cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release2::::::

Configuration 6 [-]

OR	cpe:2.3:a:siemens:operation_scheduler::::::::
	cpe:2.3:a:siemens:simatic_speech_assistant_for_machines::::::::
	cpe:2.3:a:siemens:sinec_network_management_system::::::::
	cpe:2.3:a:siemens:sipass_integrated:2.80:::::::*
	cpe:2.3:a:siemens:sipass_integrated:2.85:::::::*
	cpe:2.3:a:siemens:siveillance_identity:1.5:::::::*
	cpe:2.3:a:siemens:siveillance_identity:1.6:::::::*

Configuration 7 [-]

OR	cpe:2.3:a:oracle:commerce_platform:11.3.2:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:::::::*
	cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*
	cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*
	cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:::::::*
	cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3:::::::*
	cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:::::::*
	cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:::::::*
	cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:::::::*
	cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:::::::*
	cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:::::::*
	cpe:2.3:a:oracle:retail_financial_integration:16.0.3:::::::*
	cpe:2.3:a:oracle:retail_financial_integration:19.0.1:::::::*
	cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:::::::*
	cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:::::::*
	cpe:2.3:a:oracle:retail_integration_bus:16.0.3:::::::*
	cpe:2.3:a:oracle:retail_integration_bus:19.0.1:::::::*
	cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:::::::*
	cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:::::::*
	cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*

Package	CPE	Advisory	Released Date
CEQ 2.2.1-1 (CVE-2022-22965)
spring-beans	cpe:/a:redhat:camel_quarkus:2.2.1	RHSA-2022:1306	2022-04-11T00:00:00Z
Red Hat AMQ 7.8.6
spring-webmvc	cpe:/a:redhat:amq_broker:7	RHSA-2022:1626	2022-04-27T00:00:00Z
Red Hat AMQ 7.9.4
spring-webmvc	cpe:/a:redhat:amq_broker:7	RHSA-2022:1627	2022-04-27T00:00:00Z
Red Hat Fuse 7.10.2
spring-webmvc	cpe:/a:redhat:jboss_fuse:7	RHSA-2022:1360	2022-04-13T00:00:00Z
RHDM 7.12.1 async
spring-webmvc	cpe:/a:redhat:jboss_enterprise_brms_platform:7.12	RHSA-2022:1379	2022-04-14T00:00:00Z
RHINT Camel-K 1.6.5
spring-beans	cpe:/a:redhat:integration:1	RHSA-2022:1333	2022-04-12T00:00:00Z
RHPAM 7.12.1 async
spring-webmvc	cpe:/a:redhat:jboss_enterprise_bpms_platform:7.12	RHSA-2022:1378	2022-04-14T00:00:00Z

No data.

Advisories

Source	ID	Title
Github GHSA	GHSA-36p3-wjmg-h94x	Remote Code Execution in Spring Framework
Ubuntu USN	USN-7165-1	Spring Framework vulnerability

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html
http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html
https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf
https://nvd.nist.gov/vuln/detail/CVE-2022-22965
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005
https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
https://tanzu.vmware.com/security/cve-2022-22965
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22965
https://www.cve.org/CVERecord?id=CVE-2022-22965
https://www.cyberkendra.com/2022/03/spring4shell-details-and-exploit-code.html
https://www.kb.cert.org/vuls/id/970766
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.praetorian.com/blog/spring-core-jdk9-rce/

History

Wed, 22 Oct 2025 09:30:00 +0900

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22965

Wed, 22 Oct 2025 05:30:00 +0900

Type	Values Removed	Values Added
References	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22965

Wed, 22 Oct 2025 04:30:00 +0900

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22965

Wed, 16 Jul 2025 22:45:00 +0900

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.94464}`	epss `{'score': 0.94487}`

Thu, 30 Jan 2025 03:15:00 +0900

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-04-04'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 22 Nov 2024 21:00:00 +0900

Type	Values Removed	Values Added
References		https://www.kb.cert.org/vuls/id/970766

Sat, 19 Oct 2024 05:15:00 +0900

Type	Values Removed	Values Added
First Time appeared		Oracle jdk
CPEs		cpe:2.3:a:oracle:jdk::::::::
Vendors & Products		Oracle jdk

Wed, 14 Aug 2024 10:00:00 +0900

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2022-04-01T22:17:30.000Z

Updated: 2025-10-21T23:15:42.792Z

Reserved: 2022-01-10T00:00:00.000Z

Link: CVE-2022-22965

Vulnrichment

Updated: 2024-08-03T03:28:42.725Z

NVD

Status : Analyzed

Published: 2022-04-01T23:15:13.870

Modified: 2025-10-30T19:56:43.110

Link: CVE-2022-22965

Redhat

Severity : Important

Publid Date: 2022-03-30T00:00:00Z

Links: CVE-2022-22965 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-94

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation active

Automatable yes

Technical Impact total

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object