Sign In

CVE-2022-22965

📊 9.8 CRITICAL94.4%🎯 74 exploits🏛️ KEV Listed
📅 Published Apr 1, 2022
📋 Status: Analyzed

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

🎯 Affected Products & Systems

98 product configurations affected

Filter by type:
📱
Vulnerable
Version: < 5.2.20
CPE:
cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
📱
Vulnerable
Version: ≥ 5.3.0 ∧ < 5.3.18
CPE:
cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
📱
oracle / jdk
Application
Safe
Version: ≥ 9
CPE:
cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*
📱
cisco / cx cloud agent
Application
Vulnerable
Version: < 2.1.0
CPE:
cpe:2.3:a:cisco:cx_cloud_agent:*:*:*:*:*:*:*:*
📱
Vulnerable
Version: 1.9.0
CPE:
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*
📱
Vulnerable
Version: 22.1.0
CPE:
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*
📱
Vulnerable
Version: 1.9.0
CPE:
cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*
📱
Vulnerable
Version: 22.1.0
CPE:
cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*
📱
Vulnerable
Version: 22.1.0
CPE:
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*
📱
Vulnerable
Version: 1.10.0
CPE:
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
📱
Vulnerable
Version: 22.1.0
CPE:
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*
📱
Vulnerable
Version: 1.15.0
CPE:
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*
📱
Vulnerable
Version: 22.1.0
CPE:
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*
📱
Vulnerable
Version: 1.8.0
CPE:
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*
📱
Vulnerable
Version: 1.15.0
CPE:
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.15.0:*:*:*:*:*:*:*
📱
Vulnerable
Version: 22.1.0
CPE:
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*
📱
Vulnerable
Version: 1.15.0
CPE:
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*
📱
Vulnerable
Version: 22.1.0
CPE:
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*
📱
Vulnerable
Version: 1.7.0
CPE:
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*
📱
Vulnerable
Version: 22.1.0
CPE:
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*
📱
Vulnerable
Version: 1.15.0
CPE:
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*
📱
Vulnerable
Version: 22.1.0
CPE:
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*
📱
Vulnerable
Version: 12.6.0.0.0
CPE:
cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*
📱
Vulnerable
Version: 8.1.1
CPE:
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*
📱
Vulnerable
Version: 8.1.2.0
CPE:
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*
📱
Vulnerable
Version: 8.1.1.0
CPE:
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*
📱
Vulnerable
Version: 8.1.1.1
CPE:
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*
📱
Vulnerable
Version: 8.1.2.0
CPE:
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*
📱
Vulnerable
Version: 8.1.1.0
CPE:
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*
📱
Vulnerable
Version: 8.1.1.1
CPE:
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*
📱
Vulnerable
Version: 8.1.2.0
CPE:
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:*:*:*:*:*:*:*
📱
Vulnerable
Version: < 8.0.29
CPE:
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
📱
Vulnerable
Version: 3.6.1
CPE:
cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*
📱
Vulnerable
Version: 20.0.1
CPE:
cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*
📱
Vulnerable
Version: 21.0.0
CPE:
cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.0:*:*:*:*:*:*:*
📱
oracle / sd-wan edge
Application
Vulnerable
Version: 9.0
CPE:
cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*
📱
oracle / sd-wan edge
Application
Vulnerable
Version: 9.1
CPE:
cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*
📱
Vulnerable
Version: < 2.0.4
CPE:
cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*
📱
Vulnerable
Version: 2.80
CPE:
cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*
📱
Vulnerable
Version: 2.85
CPE:
cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*
📱
Vulnerable
Version: 1.5
CPE:
cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*
📱
Vulnerable
Version: 1.6
CPE:
cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*
📱
Vulnerable
Version: 7.4.3
CPE:
cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*
📱
Vulnerable
Version: 7.4.3.100
CPE:
cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*
📱
Vulnerable
Version: 7.4.3.200
CPE:
cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*
📱
Vulnerable
Version: 7.4.3
CPE:
cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*
📱
Vulnerable
Version: 7.4.3.100
CPE:
cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*
📱
Vulnerable
Version: 7.4.3.200
CPE:
cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*
📱
veritas / flex appliance
Application
Vulnerable
Version: 1.3
CPE:
cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*
📱
veritas / flex appliance
Application
Vulnerable
Version: 2.0
CPE:
cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*
📱
veritas / flex appliance
Application
Vulnerable
Version: 2.0.1
CPE:
cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*
📱
veritas / flex appliance
Application
Vulnerable
Version: 2.0.2
CPE:
cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*
📱
veritas / flex appliance
Application
Vulnerable
Version: 2.1
CPE:
cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*
📱
Vulnerable
Version: 2.1
CPE:
cpe:2.3:a:veritas:netbackup_flex_scale_appliance:2.1:*:*:*:*:*:*:*
📱
Vulnerable
Version: 3.0
CPE:
cpe:2.3:a:veritas:netbackup_flex_scale_appliance:3.0:*:*:*:*:*:*:*
🔧
Vulnerable
Version: 4.0
CPE:
cpe:2.3:h:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*
🔧
Vulnerable
Version: 4.0.0.1
CPE:
cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*
🔧
Vulnerable
Version: 4.0.0.1
CPE:
cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*
🔧
Vulnerable
Version: 4.0.0.1
CPE:
cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*
🔧
Vulnerable
Version: 4.1
CPE:
cpe:2.3:h:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*
🔧
Vulnerable
Version: 4.1.0.1
CPE:
cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*
🔧
Vulnerable
Version: 4.1.0.1
CPE:
cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*
🔧
Vulnerable
Version: 4.0
CPE:
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0:*:*:*:*:*:*:*
🔧
Vulnerable
Version: 4.0.0.1
CPE:
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*
🔧
Vulnerable
Version: 4.0.0.1
CPE:
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*
🔧
Vulnerable
Version: 4.0.0.1
CPE:
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*
🔧
Vulnerable
Version: 4.1
CPE:
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1:*:*:*:*:*:*:*
🔧
Vulnerable
Version: 4.1.0.1
CPE:
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*
🔧
Vulnerable
Version: 4.1.0.1
CPE:
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*
📱
Vulnerable
Version: < 2.0.4
CPE:
cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*
📱
Vulnerable
Version: < 1.2.1
CPE:
cpe:2.3:a:siemens:simatic_speech_assistant_for_machines:*:*:*:*:*:*:*:*
📱
Vulnerable
Version: < 1.0.3
CPE:
cpe:2.3:a:siemens:sinec_network_management_system:*:*:*:*:*:*:*:*
📱
Vulnerable
Version: 2.80
CPE:
cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*
📱
Vulnerable
Version: 2.85
CPE:
cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*
📱
Vulnerable
Version: 1.5
CPE:
cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*
📱
Vulnerable
Version: 1.6
CPE:
cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*
📱
Vulnerable
Version: 11.3.2
CPE:
cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*
📱
Vulnerable
Version: 22.1.3
CPE:
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*
📱
Vulnerable
Version: 7.4.1
CPE:
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
📱
Vulnerable
Version: 7.4.2
CPE:
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
📱
Vulnerable
Version: 7.5.0
CPE:
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*
📱
Vulnerable
Version: 16.0.3
CPE:
cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3:*:*:*:*:*:*:*
📱
Vulnerable
Version: 17.0
CPE:
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*
📱
Vulnerable
Version: 18.0
CPE:
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
📱
Vulnerable
Version: 19.0
CPE:
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
📱
Vulnerable
Version: 14.1.3.2
CPE:
cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*
📱
Vulnerable
Version: 15.0.3.1
CPE:
cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*
📱
Vulnerable
Version: 16.0.3
CPE:
cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*
📱
Vulnerable
Version: 19.0.1
CPE:
cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*
📱
Vulnerable
Version: 14.1.3.2
CPE:
cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*
📱
Vulnerable
Version: 15.0.3.1
CPE:
cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*
📱
Vulnerable
Version: 16.0.3
CPE:
cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*
📱
Vulnerable
Version: 19.0.1
CPE:
cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*
📱
Vulnerable
Version: 16.0.3
CPE:
cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*
📱
Vulnerable
Version: 19.0.1
CPE:
cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*
📱
oracle / weblogic server
Application
Vulnerable
Version: 12.2.1.3.0
CPE:
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
📱
oracle / weblogic server
Application
Vulnerable
Version: 12.2.1.4.0
CPE:
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
📱
oracle / weblogic server
Application
Vulnerable
Version: 14.1.1.0.0
CPE:
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
98 productsscroll for more
Metrics
9.8 CRITICALCVSS v3.1[email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector:
NETWORK
Complexity:
LOW
Privileges:
NONE
User Interaction:
NONE
Confidentiality:
HIGH
Integrity:
HIGH
Availability:
HIGH
Scope:
UNCHANGED

🔍 Technical Details

Analysis Status
Analyzed
CVSS Details
9.8 (CRITICAL)v3.1
Source: [email protected]
EPSS Details
94.4% (Critical)100.0th percentile
Last updated: Oct 30, 2025
Exploitation probability within 30 days
Published Date
Apr 1, 2022 (3 years ago)
Last Modified
Oct 30, 2025 (2 days ago)
Security Weaknesses2

Available exploits (74)

🔐 Sign-in Required

Sign in to view exploits and proof-of-concept code.

Sign InCreate Account
References10