Vulnerability in Spring Cloud Function Framework Affecting Cisco Products: March 2022

On March 29, 2022, the following critical vulnerability in the Spring Cloud Function Framework, affecting releases 3.1.6, 3.2.2, and older unsupported releases, was disclosed:

CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression

For a description of this vulnerability, see VMware Spring Framework Security Vulnerability Report.

This advisory will be updated as additional information becomes available.

Cisco’s Response to This Vulnerability

Cisco is investigating all products for impact from CVE-2022-22963. To help detect exploitation of this vulnerability, Cisco has released Snort rules at the following location: Talos Rule SID 59388.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH

Security Impact Rating: Critical

CVE: CVE-2022-22963

Source: Cisco Security Advisories