Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Vulnerability in Spring Framework Affecting Cisco Products: March 2022

cisco-sa-java-spring-rce-Zx9GUc67 · Critical · Published · Updated

On March 31, 2022, the following critical vulnerability in the Spring Framework affecting Spring MVC and Spring WebFlux applications running on JDK 9+ was released:

CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+

For a description of this vulnerability, see VMware Spring Framework Security Vulnerability Report.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67

Cisco advisory · CSAF JSON

Workarounds

Any workarounds will be documented in the product-specific Cisco bugs, which are identified in the Vulnerable Products section of this advisory.

CVEs: CVE-2022-22965

Cisco Bug IDs: CSCwb69766, CSCwb43734, CSCwb43739, CSCwb43738, CSCwb43736, CSCwd75689, CSCvv65984, CSCwb44794, CSCwb70105, CSCwc96587, CSCwa79849, CSCwb84370, CSCwb43345, CSCwb43327, CSCwb43328, CSCwb43331, CSCwb43332, CSCwb43335, CSCwb43340, CSCwb43342, CSCwb43346

CVSS Score: Base 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X)

Product Names From Source: Cisco Emergency Responder, Cisco Unity Connection, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM and Presence Service, Cisco Prime License Manager, Cisco Prime Collaboration Deployment, Cisco Firepower Management Center, Cisco Evolved Programmable Network Manager (EPNM), Cisco Firepower Threat Defense Software, Cisco IoT Field Network Director (IoT-FND), Cisco HyperFlex HX Data Platform, Cisco Unified Communications Manager / Cisco Unity Connection, Cisco Secure Firewall Management Center (FMC), Cisco Secure Firewall Threat Defense (FTD) Software

Related Products

Product · CVE · Evidence
Cisco Unity Connection · CVE-2022-22965 · Cisco OpenVuln
Cisco Unity · CVE-2022-22965 · Cisco OpenVuln
Cisco Unified Communications Manager IM and Presence Service · CVE-2022-22965 · Cisco OpenVuln
Cisco Unified Communications Manager / Cisco Unity Connection · CVE-2022-22965 · Cisco OpenVuln
Cisco Unified Communications Manager · CVE-2022-22965 · Cisco OpenVuln
Cisco Secure Firewall Threat Defense (FTD) Software · CVE-2022-22965 · Cisco OpenVuln
Cisco Secure Firewall Management Center (FMC) · CVE-2022-22965 · Cisco OpenVuln
Cisco Prime License Manager · CVE-2022-22965 · Cisco OpenVuln
Cisco Prime Collaboration Deployment · CVE-2022-22965 · Cisco OpenVuln
Cisco Prime Collaboration · CVE-2022-22965 · Cisco OpenVuln
Cisco IoT Field Network Director (IoT-FND) · CVE-2022-22965 · Cisco OpenVuln
Cisco HyperFlex HX Data Platform · CVE-2022-22965 · Cisco OpenVuln
Cisco Firepower Threat Defense Software · CVE-2022-22965 · Cisco OpenVuln
Cisco Firepower Management Center · CVE-2022-22965 · Cisco OpenVuln
Cisco Evolved Programmable Network Manager (EPNM) · CVE-2022-22965 · Cisco OpenVuln
Cisco Emergency Responder · CVE-2022-22965 · Cisco OpenVuln