CISA/NIST NVD Alert - CVE-2022-22947
Spring Cloud Gateway - VMware Spring Cloud Gateway Code Injection Vulnerability
CISA/NIST Known Exploited Vulnerability Alert
CVE Identification Number
CVE-2022-22947
Vendor Name
VMware
Product
Spring Cloud Gateway
Vulnerability Name
VMware Spring Cloud Gateway Code Injection Vulnerability
Description of Vulnerability
Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.
Date Added to CISA Known Exploited Vulnerability Database
2022-05-16
Remediation
Apply updates per vendor instructions.