CVE-2022-22947

VMware Spring Cloud Gateway Code Injection Vulnerability

Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. Vendor/Product: VMware Spring Cloud Gateway. Added to CISA KEV 2022-05-16; required action: Apply updates per vendor instructions.

Category: Vulnerability, Known Exploited

Reference: NVD CVE-2022-22947