Spring Framework code execution | CVE-2022-22965

NAME

Spring Framework code execution

Platforms Affected:
Spring Spring Framework 5.2.2
Spring Spring Framework 5.3.0
Spring Spring Framework 5.3.1
Spring Spring Framework 5.3.2
Spring Spring Framework 5.3.3
Spring Spring Framework 5.3.4
Spring Spring Framework 5.3.5
Spring Spring Framework 5.3.6
Spring Spring Framework 5.3.7
Spring Spring Framework 5.3.8
Spring Spring Framework 5.3.9
Spring Spring Framework 5.3.10
Spring Spring Framework 5.3.11
Spring Spring Framework 5.3.12
Spring Spring Framework 5.3.13
Spring Spring Framework 5.3.14
Spring Spring Framework 5.3.15
Spring Spring Framework 5.3.16
Spring Spring Framework 5.3.17
Spring Spring Framework 5.2.1
Spring Spring Framework 5.2.0
Spring Spring Framework 5.2.3
Spring Spring Framework 5.2.4
Spring Spring Framework 5.2.5
Spring Spring Framework 5.2.6
Spring Spring Framework 5.2.7
Spring Spring Framework 5.2.8
Spring Spring Framework 5.2.9
Spring Spring Framework 5.2.10
Spring Spring Framework 5.2.11
Spring Spring Framework 5.2.12
Spring Spring Framework 5.2.13
Spring Spring Framework 5.2.14
Spring Spring Framework 5.2.15
Spring Spring Framework 5.2.16
Spring Spring Framework 5.2.17
Spring Spring Framework 5.2.18
Spring Spring Framework 5.2.19
Risk Level:
9.8
Exploitability:
Unproven
Consequences:
Gain Access

DESCRIPTION

Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell.

CVSS 3.0 Information

Privileges Required: None
User Interaction: None
Scope: Unchanged
Access Vector: Network
Access Complexity: Low
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
Remediation Level: Official Fix

MITIGATION

Upgrade to the latest version of Spring Framework (5.3.18, 5.2.20 or later), available from the Spring Blog, March 31, 2022. See References.

Reference Link:
https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
Reference Link:
https://tanzu.vmware.com/security/cve-2022-22965

If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.

Spring Framework code execution | CVE-2022-22965

NAME

DESCRIPTION

MITIGATION

[RANSOMHUB] – Ransomware Victim: bravodigitaltrader[.]co[.]uk

[BLACKSUIT] – Ransomware Victim: SVP Worldwide

[QILIN] – Ransomware Victim: Imprimerie Peau

[KILLSEC] – Ransomware Victim: Sumitomo

Cobalt Strike Beacon Detected – 47[.]108[.]112[.]243:8443

NAME

DESCRIPTION

MITIGATION

You may have missed

[RANSOMHUB] – Ransomware Victim: bravodigitaltrader[.]co[.]uk

[BLACKSUIT] – Ransomware Victim: SVP Worldwide

[QILIN] – Ransomware Victim: Imprimerie Peau

[KILLSEC] – Ransomware Victim: Sumitomo

Cobalt Strike Beacon Detected – 47[.]108[.]112[.]243:8443