CVE-2022-22968

MEDIUM LAB

Spring Framework <5.3.18,<5.2.20 - Info Disclosure

Title source: llm

Description

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.

Exploits (1)

nomisec WORKING POC 2 stars

by MarcinGadz · poc

https://github.com/MarcinGadz/spring-rce-poc

View Code ZIP pw:eip

References (3)

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20220602-0004/

[Vendor Advisory] https://tanzu.vmware.com/security/cve-2022-22968

[Third Party Advisory] https://www.oracle.com/security-alerts/cpujul2022.html

Scores

CVSS v3 5.3

EPSS 0.2052

EPSS Percentile 95.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Lab Environment

COMMUNITY

Community Lab

docker pull tomcat:9.0.59-jdk11

https://github.com/MarcinGadz/spring-rce-poc

View in Library

Details

CWE

CWE-178

Status published

Products (8)

netapp/active_iq_unified_manager (3 CPE variants)

netapp/cloud_secure_agent

netapp/metrocluster_tiebreaker

netapp/snap_creator_framework

netapp/snapmanager (2 CPE variants)

oracle/mysql_enterprise_monitor < 8.0.29

org.springframework/spring-context 5.3.0 - 5.3.19Maven

vmware/spring_framework < 5.2.0

Published Apr 14, 2022

Tracked Since Feb 18, 2026