23 Dec 2022

#cve_analysis

Write a blog analysis for a CVE

publish

CVE-2022-22965 Spring4Shell

by @khurram.arif

23 Dec 2022

#cve_analysis

Write a blog analysis for a CVE

publish

CVE-2022-22965 Spring4Shell

CVEs

CVE-2022-22965

9.8 Critical Severity

Apps

CCA

CX Cloud AgentCisco

001.012.*

*.*

0.9.2.*

1.6.*

0.0.2.*

1.7.*

0.9.*

1.3.*

0.9.3.*

2.2.*

Weblogic ServerOracle

14.1.1.0.0.*

10.3.5.0.0.*

9.2.0.0.0.*

*.*

10.3.0.0.0.*

10.3.2.0.0.*

10.3.3.0.0.*

12.2.1.4.0.*

9.1.0.0.0.*

9.0.0.0.0.*

Commerce PlatformOracle

10.0.3.5.*

11.2.0.3.*

11.3.2.*

11.2.0.2.*

10.2.0.5.*

11.3.0.*

11.2.0.*

11.3.1.*

11.1.0.*

11.1.*

RXP

Retail Xstore Point of ServiceOracle

16.0.6.*

18.0.3.*

15.0.2.*

21.0.1.*

21.0.0.*

15.0.3.*

15.0.4.*

18.0.2.*

20.0.1.*

19.0.2.*

MEM

Mysql Enterprise MonitorOracle

3.3.6.3293.*

4.0.0.5135.*

3.4.4.4226.*

8.0.18.1217.*

4.0.11.5331.*

3.4.9.4237.*

3.4.7.4297.*

8.0.0.8131.*

4.0.4.5235.*

4.0.6.5281.*

CPM

Communications Policy ManagementOracle

12.6.0.0.0.*

12.5.0.0.0.*

*.*

12.4.1.*

9.1.8.*

12.5.1.*

9.1.10.*

9.1.9.*

9.7.4.*

9.9.1.*

RIB

Retail Integration BusOracle

14.1.3.2.*

16.0.3.0.*

14.1.3.0.*

15.0.3.1.*

19.0.0.*

14.1.3.*

15.0.2.*

15.0.3.*

15.0.4.0.*

19.0.1.0.*

CUI

Communications Unified Inventory ManagementOracle

7.2.4.2.*

7.3.4.*

7.3.5.*

7.3.*

7.5.0.*

7.4.0.*

7.4.1.*

7.3.0.*

7.4.2.*

7.3.2.*

FSA

Financial Services Analytical Applications InfrastructureOracle

7.3.3.0.1.*

8.1.0.0.0.*

8.0.5.4.0.*

8.0.6.0.0.*

8.0.6.0.1.*

8.0.6.1.0.*

8.0.6.2.0.*

8.0.6.3.0.*

8.0.6.4.0.*

8.0.7.0.0.*

RMS

Retail Merchandising SystemOracle

14.1.3.2.*

15.0.3.*

14.1.*

16.0.*

19.0.1.*

15.0.*

5.0.3.1.*

16.0.3.*

16.0.2.*

RBD

Retail Bulk Data IntegrationOracle

16.0.3.0.*

15.0.3.0.*

16.0.*

19.0.1.*

15.0.*

16.0.3.*

RCM

Retail Customer Management and Segmentation FoundationOracle

18.1.*

17.0.1.*

16.0.*

17.0.*

19.0.*

16.0.1.*

18.0.*

16.0.2.*

RFI

Retail Financial IntegrationOracle

14.1.3.2.*

16.0.3.0.*

15.0.3.1.*

19.0.0.*

14.1.3.*

15.0.3.*

15.0.4.0.*

14.1.*

16.0.*

13.2.*

FSB

Financial Services Behavior Detection PlatformOracle

8.0.6.0.0.*

8.0.7.0.0.*

8.0.7.0.*

8.0.8.1.*

*.*

8.0.2.0.0.*

8.0.3.0.0.*

8.0.1.0.0.*

8.0.5.0.0.*

8.0.8.0.*

Sd-Wan EdgeOracle

8.2.*

7.3.*

9.1.*

8.1.*

8.0.*

9.0.*

CCN

Communications Cloud Native Core Network Function Cloud Native EnvironmentOracle

22.1.2.*

22.1.0.*

22.2.0.*

1.10.0.*

1.9.0.*

1.7.0.*

1.4.0.*

CCN

Communications Cloud Native Core ConsoleOracle

22.1.0.*

22.2.0.*

1.9.0.*

1.7.0.*

1.4.0.*

CCN

Communications Cloud Native Core Network Slice Selection FunctionOracle

22.1.1.*

22.1.0.*

1.15.0.*

1.8.0.*

1.2.1.*

CCN

Communications Cloud Native Core PolicyOracle

22.1.3.*

22.4.0.*

22.1.0.*

22.2.0.*

22.3.0.*

23.1.0.*

1.15.0.*

1.11.0.*

1.14.0.*

1.9.0.*

CCN

Communications Cloud Native Core Unified Data RepositoryOracle

22.1.0.*

22.2.0.*

1.15.0.*

1.14.0.*

1.4.0.*

1.6.0.*

FSE

Financial Services Enterprise Case ManagementOracle

8.0.7.2.*

8.0.8.1.0.*

8.0.7.2.0.*

8.0.8.1.*

8.0.7.1.*

*.*

8.0.8.0.*

8.1.1.0.*

8.1.1.1.*

8.1.2.0.*

CCN

Communications Cloud Native Core Security Edge Protection ProxyOracle

22.1.1.*

22.1.0.*

1.15.0.*

1.7.0.*

1.5.0.*

1.6.0.*

CCN

Communications Cloud Native Core Network Repository FunctionOracle

22.1.2.*

22.1.0.*

22.2.0.*

1.15.0.*

1.15.1.*

1.14.0.*

CCN

Communications Cloud Native Core Binding Support FunctionOracle

22.1.1.*

22.1.3.*

22.4.0.*

22.2.0.*

22.3.0.*

23.1.0.*

1.11.0.*

1.10.0.*

1.9.0.*

CCN

Communications Cloud Native Core Automated Test SuiteOracle

22.1.0.*

1.9.0.*

1.8.0.*

PLA

Product Lifecycle AnalyticsOracle

3.6.1.0.*

3.6.1.*

CCN

Communications Cloud Native Core Network Exposure FunctionOracle

22.1.1.*

22.1.0.*

Sipass IntegratedSiemens

MP2.6.*

*.*

*.SP2

2.80.*

2.85.*

2.65.*

2.65.SP2

2.76.SP1

2.76.*

2.76.-

SNM

Sinec Network Management SystemSiemens

1.0.3.*

1.0.SP1

1.0.-

-.*

Operation SchedulerSiemens

*.*

1.1.3.*

-.*

Siveillance IdentitySiemens

1.6.284.0.*

1.6.280.0.*

1.6.*

1.5.*

SSA

Simatic Speech Assistant for MachinesSiemens

*.*

Spring FrameworkVmware

*.*

5.2.21.*

5.2.24.*

5.2.20.*

5.2.23.*

5.2.19.*

5.2.22.*

5.3.25.*

5.3.19.*

4.3.19.*

Flex ApplianceVeritas

1.3.*

2.1.*

1.2.*

2.0.*

2.0.2.*

2.0.1.*

Access ApplianceVeritas

7.4.3.200.*

7.4.3.100.*

7.4.3.*

7.4.2.*

NFS

Netbackup Flex Scale ApplianceVeritas

2.1.*

3.0.*

Screenshots from the blog posts

blog-posts/images/clc0htv1v1e190jmhfa1o7x24.png

Summary

Spring MVC or Spring WebFlux application running on JDK 9+ susceptible to remote code execution (RCE).

Description

Tags

#CVE-2022-22965 #vicarius_blog

@khurram.arif

11 posts

Total vcoins

11.3K

Comments (0)

@khurram.arif

11 posts

Total vcoins

11.3K

CVEs

CVE-2022-22965

9.8 Critical Severity

Apps

CCA

CX Cloud AgentCisco

001.012.*

*.*

0.9.2.*

1.6.*

0.0.2.*

1.7.*

0.9.*

1.3.*

0.9.3.*

2.2.*

Weblogic ServerOracle

14.1.1.0.0.*

10.3.5.0.0.*

9.2.0.0.0.*

*.*

10.3.0.0.0.*

10.3.2.0.0.*

10.3.3.0.0.*

12.2.1.4.0.*

9.1.0.0.0.*

9.0.0.0.0.*

Commerce PlatformOracle

10.0.3.5.*

11.2.0.3.*

11.3.2.*

11.2.0.2.*

10.2.0.5.*

11.3.0.*

11.2.0.*

11.3.1.*

11.1.0.*

11.1.*

RXP

Retail Xstore Point of ServiceOracle

16.0.6.*

18.0.3.*

15.0.2.*

21.0.1.*

21.0.0.*

15.0.3.*

15.0.4.*

18.0.2.*

20.0.1.*

19.0.2.*

MEM

Mysql Enterprise MonitorOracle

3.3.6.3293.*

4.0.0.5135.*

3.4.4.4226.*

8.0.18.1217.*

4.0.11.5331.*

3.4.9.4237.*

3.4.7.4297.*

8.0.0.8131.*

4.0.4.5235.*

4.0.6.5281.*

CPM

Communications Policy ManagementOracle

12.6.0.0.0.*

12.5.0.0.0.*

*.*

12.4.1.*

9.1.8.*

12.5.1.*

9.1.10.*

9.1.9.*

9.7.4.*

9.9.1.*

RIB

Retail Integration BusOracle

14.1.3.2.*

16.0.3.0.*

14.1.3.0.*

15.0.3.1.*

19.0.0.*

14.1.3.*

15.0.2.*

15.0.3.*

15.0.4.0.*

19.0.1.0.*

CUI

Communications Unified Inventory ManagementOracle

7.2.4.2.*

7.3.4.*

7.3.5.*

7.3.*

7.5.0.*

7.4.0.*

7.4.1.*

7.3.0.*

7.4.2.*

7.3.2.*

FSA

Financial Services Analytical Applications InfrastructureOracle

7.3.3.0.1.*

8.1.0.0.0.*

8.0.5.4.0.*

8.0.6.0.0.*

8.0.6.0.1.*

8.0.6.1.0.*

8.0.6.2.0.*

8.0.6.3.0.*

8.0.6.4.0.*

8.0.7.0.0.*

RMS

Retail Merchandising SystemOracle

14.1.3.2.*

15.0.3.*

14.1.*

16.0.*

19.0.1.*

15.0.*

5.0.3.1.*

16.0.3.*

16.0.2.*

RBD

Retail Bulk Data IntegrationOracle

16.0.3.0.*

15.0.3.0.*

16.0.*

19.0.1.*

15.0.*

16.0.3.*

RCM

Retail Customer Management and Segmentation FoundationOracle

18.1.*

17.0.1.*

16.0.*

17.0.*

19.0.*

16.0.1.*

18.0.*

16.0.2.*

RFI

Retail Financial IntegrationOracle

14.1.3.2.*

16.0.3.0.*

15.0.3.1.*

19.0.0.*

14.1.3.*

15.0.3.*

15.0.4.0.*

14.1.*

16.0.*

13.2.*

FSB

Financial Services Behavior Detection PlatformOracle

8.0.6.0.0.*

8.0.7.0.0.*

8.0.7.0.*

8.0.8.1.*

*.*

8.0.2.0.0.*

8.0.3.0.0.*

8.0.1.0.0.*

8.0.5.0.0.*

8.0.8.0.*

Sd-Wan EdgeOracle

8.2.*

7.3.*

9.1.*

8.1.*

8.0.*

9.0.*

CCN

Communications Cloud Native Core Network Function Cloud Native EnvironmentOracle

22.1.2.*

22.1.0.*

22.2.0.*

1.10.0.*

1.9.0.*

1.7.0.*

1.4.0.*

CCN

Communications Cloud Native Core ConsoleOracle

22.1.0.*

22.2.0.*

1.9.0.*

1.7.0.*

1.4.0.*

CCN

Communications Cloud Native Core Network Slice Selection FunctionOracle

22.1.1.*

22.1.0.*

1.15.0.*

1.8.0.*

1.2.1.*

CCN

Communications Cloud Native Core PolicyOracle

22.1.3.*

22.4.0.*

22.1.0.*

22.2.0.*

22.3.0.*

23.1.0.*

1.15.0.*

1.11.0.*

1.14.0.*

1.9.0.*

CCN

Communications Cloud Native Core Unified Data RepositoryOracle

22.1.0.*

22.2.0.*

1.15.0.*

1.14.0.*

1.4.0.*

1.6.0.*

FSE

Financial Services Enterprise Case ManagementOracle

8.0.7.2.*

8.0.8.1.0.*

8.0.7.2.0.*

8.0.8.1.*

8.0.7.1.*

*.*

8.0.8.0.*

8.1.1.0.*

8.1.1.1.*

8.1.2.0.*

CCN

Communications Cloud Native Core Security Edge Protection ProxyOracle

22.1.1.*

22.1.0.*

1.15.0.*

1.7.0.*

1.5.0.*

1.6.0.*

CCN

Communications Cloud Native Core Network Repository FunctionOracle

22.1.2.*

22.1.0.*

22.2.0.*

1.15.0.*

1.15.1.*

1.14.0.*

CCN

Communications Cloud Native Core Binding Support FunctionOracle

22.1.1.*

22.1.3.*

22.4.0.*

22.2.0.*

22.3.0.*

23.1.0.*

1.11.0.*

1.10.0.*

1.9.0.*

CCN

Communications Cloud Native Core Automated Test SuiteOracle

22.1.0.*

1.9.0.*

1.8.0.*

PLA

Product Lifecycle AnalyticsOracle

3.6.1.0.*

3.6.1.*

CCN

Communications Cloud Native Core Network Exposure FunctionOracle

22.1.1.*

22.1.0.*

Sipass IntegratedSiemens

MP2.6.*

*.*

*.SP2

2.80.*

2.85.*

2.65.*

2.65.SP2

2.76.SP1

2.76.*

2.76.-

SNM

Sinec Network Management SystemSiemens

1.0.3.*

1.0.SP1

1.0.-

-.*

Operation SchedulerSiemens

*.*

1.1.3.*

-.*

Siveillance IdentitySiemens

1.6.284.0.*

1.6.280.0.*

1.6.*

1.5.*

SSA

Simatic Speech Assistant for MachinesSiemens

*.*

Spring FrameworkVmware

*.*

5.2.21.*

5.2.24.*

5.2.20.*

5.2.23.*

5.2.19.*

5.2.22.*

5.3.25.*

5.3.19.*

4.3.19.*

Flex ApplianceVeritas

1.3.*

2.1.*

1.2.*

2.0.*

2.0.2.*

2.0.1.*

Access ApplianceVeritas

7.4.3.200.*

7.4.3.100.*

7.4.3.*

7.4.2.*

NFS

Netbackup Flex Scale ApplianceVeritas

2.1.*

3.0.*

about

An Origin Story: vsociety
Frequently Asked Questions

be Part

Join Community
Login