Rewterz Threat Alert – SNAKE Ransomware – Active IOCs
March 31, 2022
Rewterz Threat Alert – Lokibot Malware – Active IOCs
March 31, 2022
Severity
Medium
Analysis Summary
CVE-2022-22963
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in access to local resources.
This vulnerability should not be confused with Spring4Shell, which is another vulnerability being exploited in the wild and hasn’t been allotted a CVE number yet.
Impact
- Privilege Escalation
- Bypass Security
Affected Vendors
VMware
Affected Products
- VMware Spring Cloud Function 3.1.6
- VMware Spring Cloud Function 3.2.2
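
To check a deployment against the affected versions listed above, the following added example (not part of the original advisory and not Spring or VMware code) scans a jar listing, such as the output of `unzip -l` or `find`, for Spring Cloud Function artifacts in the affected range. It assumes the usual `spring-cloud-function-<module>-<version>.jar` file naming and reads 3.1.6 and 3.2.2 as the last affected release of their lines; the sample listing is constructed.

```python
import re

# Affected versions as this advisory states them: 3.1.6, 3.2.2 and older
# unsupported versions. Treating each number as the last affected release of
# its line is an assumption of this example.
LAST_AFFECTED = {(3, 1): 6, (3, 2): 2}
OLDEST_LISTED_LINE = min(LAST_AFFECTED)

# Assumed naming: spring-cloud-function-<module>-<x.y.z>[qualifier].jar,
# optionally behind a path such as BOOT-INF/lib/ inside a fat jar.
JAR_RE = re.compile(
    r"(?:^|[/\\])(spring-cloud-function(?:-[a-z]+)*)"
    r"-(\d+)\.(\d+)\.(\d+)(?:[.-][\w.-]+)?\.jar$"
)

def is_affected(major, minor, patch):
    """True if the version falls in the range described by the advisory."""
    line = (major, minor)
    if line in LAST_AFFECTED:
        return patch <= LAST_AFFECTED[line]
    # Release lines older than those listed are the "older unsupported" ones.
    return line < OLDEST_LISTED_LINE

def find_affected_jars(paths):
    """Return (artifact, version, path) for each affected jar in a listing."""
    hits = []
    for raw in paths:
        path = raw.strip()
        m = JAR_RE.search(path)
        if not m:
            continue  # not a Spring Cloud Function jar
        version = tuple(int(x) for x in m.group(2, 3, 4))
        if is_affected(*version):
            hits.append((m.group(1), ".".join(map(str, version)), path))
    return hits

# Constructed sample listing, not taken from any real system.
SAMPLE_LISTING = """\
BOOT-INF/lib/spring-cloud-function-context-3.2.2.jar
BOOT-INF/lib/spring-cloud-function-core-3.2.3.jar
BOOT-INF/lib/spring-cloud-function-web-3.1.6.jar
BOOT-INF/lib/spring-cloud-function-context-3.0.9.RELEASE.jar
BOOT-INF/lib/spring-core-5.3.17.jar
""".splitlines()

if __name__ == "__main__":
    for artifact, version, path in find_affected_jars(SAMPLE_LISTING):
        print(f"AFFECTED {artifact} {version}  ({path})")
```

A hit only shows that an affected library version is present; whether the routing functionality named in the summary is in use has to be confirmed from the application's configuration.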