Critical flaw found in Spring Cloud Function resulting in Remote Code Execution
In Spring Cloud Function versions 3.2.2, 3.1.6, and older versions, an attacker can supply a specially crafted malicious expression that may result in remote code execution and access to local resources. With a CVSS base score of 9.8 and a publicly available proof of concept, this vulnerability should be treated as a priority.
Common Vulnerabilities and Exposures
Background
Spring Framework is an open-source, lightweight, Java-based application development framework for creating high-performing, easily testable code. Spring Cloud provides developer tools for building distributed systems (e.g. configuration management, service discovery, etc.).
In March 2022, another critical vulnerability, CVE-2022-22965, known as "Spring4Shell", was disclosed in the Spring Framework itself. See the dedicated Outbreak Report for full details: https://www.fortiguard.com/outbreak-alert/spring4shell-vulnerability
Latest Development
Recent news and incidents related to this threat, including data breaches, cyber-attacks, security incidents, and newly discovered vulnerabilities.
March 29, 2022: VMware published a vulnerability report: https://tanzu.vmware.com/security/cve-2022-22963
Dec 20, 2022: FortiGuard Labs is still seeing active exploitation attempts against CVE-2022-22963 and advises upgrading to the recommended versions to mitigate the vulnerability. The FortiGuard telemetry can be viewed at: https://www.fortiguard.com/encyclopedia/ips/51355
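Because the alert names the affected releases (3.2.2, 3.1.6 and older) but not the patched ones, a dependency inventory check is the quickest way to confirm exposure before upgrading. The following script is an added example, not FortiGuard's or the Spring project's code; it flags affected `spring-cloud-function-*` artifacts in constructed `mvn dependency:list` output, treating everything below 3.1.7 and 3.2.0 through 3.2.2 as affected, exactly as the alert states.

```python
import re

# Affected ranges as stated in this alert: 3.2.2, 3.1.6 and older.
# Interpreted as: any version below 3.1.7, plus 3.2.0 through 3.2.2.
# The alert does not name fixed versions, so nothing above is assumed safe
# beyond "not listed as affected".
SPRING_CLOUD_GROUP = "org.springframework.cloud"
FUNCTION_ARTIFACT_PREFIX = "spring-cloud-function"


def parse_version(v):
    """Turn '3.1.6' or '3.0.13.RELEASE' into a comparable (major, minor, patch) tuple."""
    parts = []
    for piece in v.split("."):
        if not piece.isdigit():
            break  # stop at qualifiers such as RELEASE or SNAPSHOT
        parts.append(int(piece))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected(version):
    v = parse_version(version)
    return v < (3, 1, 7) or (3, 2, 0) <= v <= (3, 2, 2)


# Constructed sample of `mvn dependency:list` output (not real project data).
SAMPLE = """\
[INFO] The following files have been resolved:
[INFO]    org.springframework.cloud:spring-cloud-function-context:jar:3.1.6:compile
[INFO]    org.springframework.cloud:spring-cloud-function-web:jar:3.2.2:compile
[INFO]    org.springframework.cloud:spring-cloud-function-core:jar:3.2.3:compile
[INFO]    org.springframework:spring-core:jar:5.3.18:compile
"""

# group:artifact:jar:version:scope as printed by the Maven dependency plugin
DEP_RE = re.compile(r"^\[INFO\]\s+(?P<group>[\w.\-]+):(?P<artifact>[\w.\-]+):jar:(?P<version>[\w.\-]+):")


def find_affected(dependency_list):
    """Return (artifact, version) pairs whose version falls in the affected ranges."""
    hits = []
    for line in dependency_list.splitlines():
        m = DEP_RE.match(line)
        if not m or m.group("group") != SPRING_CLOUD_GROUP:
            continue
        if m.group("artifact").startswith(FUNCTION_ARTIFACT_PREFIX) and is_affected(m.group("version")):
            hits.append((m.group("artifact"), m.group("version")))
    return hits


if __name__ == "__main__":
    for artifact, version in find_affected(SAMPLE):
        print(f"AFFECTED: {artifact} {version}")
```

Run it against the real output of `mvn dependency:list` (or any tool that prints the same group:artifact:jar:version form) to list every affected Spring Cloud Function artifact in a build.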
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- IPS
- Web App Security
- Application Firewall
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events, including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware, and related vulnerabilities.
References
Sources of information relating to this Outbreak and the affected vendor.