Vulnerability Bulletins

Vulnerability in Spring Framework Affecting Cisco Products: March 2022


System information

   
Affected software Cisco

Description

On March 31, 2022, the following critical vulnerability in the Spring Framework affecting Spring MVC and Spring WebFlux applications running on JDK 9+ was released: CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+ For a description of this vulnerability, see VMware Spring Framework Security Vulnerability Report. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67

More info:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Vulnerability%20in%20Spring%20Framework%20Affecting%20Cisco%20Products:%20March%202022&vs_k=1

Standar resources

Property Value
CVE CVE-2022-22965.

Version history

Version Comments Date
1.0 Advisory issued 2023-02-10
Ministerio de Defensa
CNI
CCN
CCN-CERT