1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. VMware Spring Cloud Gateway Code Injection Vulnerability

Known Exploited Vulnerabilities CVE-2022-22947

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2022-22947 VMware Spring Cloud Gateway Code Injection Vulnerability secondary_impact T1486 Data Encrypted for Impact
Comments
This vulnerability is exploited by a remote attacker via a code injection attack to gain perform arbitrary remote code execution. CISA has linked this vulnerability to adversary campaigns performed by Andariel to perform cyber espionage via ransomware operations.
References
  1. https://portswigger.net/daily-swig/api-security-broken-access-controls-injection-attacks-plague-the-enterprise-security-landscape-in-2022
  2. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a
CVE-2022-22947 VMware Spring Cloud Gateway Code Injection Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
This vulnerability is exploited by a remote attacker via a code injection attack to gain perform arbitrary remote code execution. CISA has linked this vulnerability to adversary campaigns performed by Andariel to perform cyber espionage via ransomware operations.
References
  1. https://portswigger.net/daily-swig/api-security-broken-access-controls-injection-attacks-plague-the-enterprise-security-landscape-in-2022
  2. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a
CVE-2022-22947 VMware Spring Cloud Gateway Code Injection Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
This vulnerability is exploited by a remote attacker via a code injection attack to gain perform arbitrary remote code execution. CISA has linked this vulnerability to adversary campaigns performed by Andariel to perform cyber espionage via ransomware operations.
References
  1. https://portswigger.net/daily-swig/api-security-broken-access-controls-injection-attacks-plague-the-enterprise-security-landscape-in-2022
  2. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a