CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression

2022-04-14 16:17:27

SUMMARY:

In Spring Cloud Function versions 3.1.6, 3.2.2, and older unsupported versions, when routing functionality is in use, a user can provide a specially crafted Spring Expression Language (SpEL) expression as a routing-expression, which may result in remote code execution and access to local resources. NetCloud Manager utilizes Spring Cloud Function and was subsequently updated upon disclosure of the vulnerability.

Public Disclosure: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22963

Vulnerability Status:

NetCloud Manager: Affected; Patched on April 1st, 2022. No customer action necessary.

NetCloud OS: Unaffected; NCOS does not use Java libraries.

NetCloud Perimeter: Unaffected; NCP does not use the vulnerable version of Spring Cloud Function.
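
For teams checking their own Java services against the affected versions listed in the summary, the following added example (not Cradlepoint's or the Spring project's code) flags Spring Cloud Function jars by the version in their file name. The jar paths are constructed sample input, and the function names are illustrative. A match means the version is in the affected range only; it does not tell you whether routing functionality is enabled.

```python
import re

# Last affected release on each line named in the advisory summary.
# Lines older than 3.1 are the "older unsupported versions" and are all affected.
LAST_AFFECTED = {(3, 1): (3, 1, 6), (3, 2): (3, 2, 2)}

# Matches e.g. spring-cloud-function-context-3.2.2.jar, with an optional
# qualifier such as ".RELEASE" between the version and ".jar".
JAR_RE = re.compile(
    r"(spring-cloud-function-[a-z-]+?)-(\d+)\.(\d+)\.(\d+)([.-][A-Za-z0-9.]+)?\.jar$"
)

def is_affected(version):
    """version is a (major, minor, patch) tuple."""
    line = version[:2]
    if line in LAST_AFFECTED:
        return version <= LAST_AFFECTED[line]
    return line < (3, 1)  # older lines affected; newer lines are not listed

def scan(paths):
    """Return (path, artifact, version, affected) for each Spring Cloud Function jar."""
    findings = []
    for path in paths:
        m = JAR_RE.search(path)
        if not m:
            continue  # not a Spring Cloud Function artifact
        version = tuple(int(x) for x in m.group(2, 3, 4))
        findings.append((path, m.group(1), version, is_affected(version)))
    return findings

# Constructed sample: jar paths as they might appear in an unpacked application.
SAMPLE = [
    "BOOT-INF/lib/spring-cloud-function-context-3.2.2.jar",
    "BOOT-INF/lib/spring-cloud-function-web-3.2.3.jar",
    "BOOT-INF/lib/spring-cloud-function-core-3.0.14.RELEASE.jar",
    "BOOT-INF/lib/spring-cloud-function-adapter-aws-3.1.7.jar",
    "BOOT-INF/lib/spring-core-5.3.18.jar",
]

if __name__ == "__main__":
    for path, artifact, version, affected in scan(SAMPLE):
        status = "AFFECTED" if affected else "ok"
        print(f"{status:8} {artifact} {'.'.join(map(str, version))}  ({path})")
```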