VDB
CVE-2022-22980
CVE-2022-22980
PUBLISHED
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
EPSS 83.32% · 99.3th percentile
Risk Scores
EPSS Score
83.32%
99.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | Spring Framework | Spring Framework versions 5.3.X prior to 5.3.17+ and all old and unsupported versions |
Exploit Intelligence
- 【懒人神器】一款图形化、批量采集url、批量对采集的url进行各种nday检测的工具。可用于src挖掘、cnvd挖掘、0day利用、打造自己的武器库等场景。可以批量利用Actively Exploited Atlassian Confluence 0Day CVE-2022-26134和DedeCMS v5.7.87 SQL注入 CVE-2022-23337。 (github-poc-repo)
- 【懒人神器】一款图形化、批量采集url、批量对采集的url进行各种nday检测的工具。可用于src挖掘、cnvd挖掘、0day利用、打造自己的武器库等场景。可以批量利用Actively Exploited Atlassian Confluence 0Day CVE-2022-26134和DedeCMS v5.7.87 SQL注入 CVE-2022-23337。 (github-poc-repo)
- 【懒人神器】一款图形化、批量采集url、批量对采集的url进行各种nday检测的工具。可用于src挖掘、cnvd挖掘、0day利用、打造自己的武器库等场景。可以批量利用Actively Exploited Atlassian Confluence 0Day CVE-2022-26134和DedeCMS v5.7.87 SQL注入 CVE-2022-23337。 (github-poc-repo)
- 【懒人神器】一款图形化、批量采集url、批量对采集的url进行各种nday检测的工具。可用于src挖掘、cnvd挖掘、0day利用、打造自己的武器库等场景。可以批量利用Actively Exploited Atlassian Confluence 0Day CVE-2022-26134和DedeCMS v5.7.87 SQL注入 CVE-2022-23337。 (github-poc-repo)
- 【懒人神器】一款图形化、批量采集url、批量对采集的url进行各种nday检测的工具。可用于src挖掘、cnvd挖掘、0day利用、打造自己的武器库等场景。可以批量利用Actively Exploited Atlassian Confluence 0Day CVE-2022-26134和DedeCMS v5.7.87 SQL注入 CVE-2022-23337。 (github-poc-repo)
- 【懒人神器】一款图形化、批量采集url、批量对采集的url进行各种nday检测的工具。可用于src挖掘、cnvd挖掘、0day利用、打造自己的武器库等场景。可以批量利用Actively Exploited Atlassian Confluence 0Day CVE-2022-26134和DedeCMS v5.7.87 SQL注入 CVE-2022-23337。 (github-poc-repo)
- Exploitation de CVE-2022-22980 (github-poc-repo)
- Exploitation de CVE-2022-22980 (github-poc-repo)
- Exploitation de CVE-2022-22980 (github-poc-repo)
- Exploitation de CVE-2022-22980 (github-poc-repo)
…and 68 more exploits
Timeline
- Apr 7, 2022 PoC Published
- Jun 22, 2022 CVE Published
- Jun 23, 2022 EPSS Score
- Aug 11, 2022 EPSS Score
- Sep 28, 2022 EPSS Score
- Jan 1, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 23, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 11, 2023 EPSS Score
- Aug 28, 2023 EPSS Score
- Oct 15, 2023 EPSS Score
References
- https://www.ibm.com/support/pages/node/7144944 advisory
- https://www.ibm.com/support/pages/node/7144861 advisory
- https://tanzu.vmware.com/security/cve-2022-22950 url
- https://www.ibm.com/support/pages/node/6841885 advisory
- https://www.ibm.com/support/pages/node/6841799 advisory
- https://www.ibm.com/support/pages/node/6841785 advisory
- https://www.ibm.com/support/pages/node/6841791 advisory
- https://www.ibm.com/support/pages/node/6841815 advisory