CVE-2022-22965 in Insurance Policy Administration Operational Data Store for Life and Annuity정보

요약

\~에 의해 MITRE • 2022. 04. 02.

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

예약하다

2022. 01. 10.

공개

2022. 04. 02.

모더레이션

수락

항목

연결하다

보여 주다

CPE

준비됨

CWE

CWE-94 (확인됨)

CVSS

9.8 (NVD)

EPSS

0.94428

KEV

네

활동

매우 낮음

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2022-22965
NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-22965
CVE Details	https://www.cvedetails.com/cve/CVE-2022-22965/

◂ 이전 개요 다음 ▸

Do you know our Splunk app?

Download it now for free!