CVSS 3.1 Score 9.8 of 10 (high)


Published Apr 1, 2022
Updated: Jul 13, 2023
CWE ID 917


CVE-2022-22963 is a vulnerability in Spring Cloud Function versions 3.1.6, 3.2.2, and older unsupported versions. It allows an attacker to execute remote code and access local resources by providing a specially crafted SpEL as a routing-expression when using routing functionality. The vulnerability affects various products, including mdQtBZ, k1I7Y9, hCfZBV, and others. The danger it poses to organizations is significant, with a base severity rating of CRITICAL and a base score of 9.8 out of 10. To remediate the vulnerability, organizations should update to the latest supported version of Spring Cloud Function that includes the necessary security patches.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2022-22963 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options