What is the severity of CVE-2022-22947?

CVE-2022-22947 has a CVSS Base Score of 10/10 and is classified as Critical severity. It is important to assess the risk based on your specific environment.

How do I fix CVE-2022-22947?

Remediation typically involves updating the affected software products to the latest patched version. Refer to the 'Affected Products' and 'Remediation' sections on this page for specific mitigation steps and vendor advisories.

Home→Vulnerabilities→CVE-2022-22947

Critical Risk Active Exploitation

CVE-2022-22947

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.

Share this vulnerability:

⚠️

Confirmed Active Exploitation

This vulnerability is listed in the CISA KEV Catalog. Federal agencies are mandated to patch immediately. Immediate remediation is required.

🚨

Public Exploit Available

A Proof-of-Concept (PoC) or exploit code for this vulnerability is publicly available. This significantly increases the risk of exploitation.

Exploitation Probability (EPSS)

Critical Priority

94.46%

The Exploit Prediction Scoring System (EPSS) uses machine learning to estimate the probability that a vulnerability will be exploited in the wild within the next 30 days.

0% (Theoretical)100% (Certainty)