CVE-2022-22968

MEDIUM LAB

Spring Framework <5.3.18,<5.2.20 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-22968. PoCs published by MarcinGadz.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2022-22968, a remote code execution vulnerability in Spring Cloud Function. The exploit leverages deserialization to write a JSP webshell to the target server, accessible at `/shell.jsp`.

Description

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.

Exploits (1)

nomisec WORKING POC 2 stars

by MarcinGadz · poc

https://github.com/MarcinGadz/spring-rce-poc

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2022-22968, a remote code execution vulnerability in Spring Cloud Function. The exploit leverages deserialization to write a JSP webshell to the target server, accessible at `/shell.jsp`.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Spring Cloud Function (with vulnerable Tomcat 9.0.59)

No auth needed

Prerequisites: Target running vulnerable Spring Cloud Function with exposed endpoint · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory x_refsource_misc

https://tanzu.vmware.com/security/cve-2022-22968

Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpujul2022.html

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20220602-0004/

Scores

CVSS v3 5.3

EPSS 0.2051

EPSS Percentile 95.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Lab Environment

COMMUNITY

Community Lab

docker pull tomcat:9.0.59-jdk11

https://github.com/MarcinGadz/spring-rce-poc

View in Library

Details

CWE

CWE-178

Status published

Products (8)

netapp/active_iq_unified_manager (3 CPE variants)

netapp/cloud_secure_agent

netapp/metrocluster_tiebreaker

netapp/snap_creator_framework

netapp/snapmanager (2 CPE variants)

oracle/mysql_enterprise_monitor < 8.0.29

org.springframework/spring-context 5.3.0 - 5.3.19Maven

vmware/spring_framework < 5.2.0

Published Apr 14, 2022

Tracked Since Feb 18, 2026