Experiencing a Breach?
en
Platform
Why SentinelOne?
Services
Partners
Resources
About
en
Get a Demo
CVE-2022-22963 | SentinelOne

CVE-2022-22963: Protect Your Spring Cloud Functions From Critical RCE Vulnerability

by Mansi B.

On the 30th of March, 2022, a new Zero-day CVE in Spring Cloud Functions was discovered, named CVE-2022-22963. Spring Cloud Function promotes the implementation of business logic via functions. The vulnerability is remotely exploitable without authentication, i.e., it can be exploited over a network without a username and password.

What is a Spring Cloud function?

Spring Cloud is an open-source microservice framework. Spring Cloud is a collection of functions useful in building distributed enterprise applications.

Due to the severity of this vulnerability, Sentinelone strongly recommends that customers apply the updates and upgrade the Spring cloud function to the recommended patch Spring Cloud Function 3.2.3 or 3.1.7.

What is the impact of Spring Cloud vulnerability?

The spring cloud vulnerability can be exploited to allow unauthorized remote code execution on the affected servers. Hackers are still utilizing the recently discovered exploit to attack the servers. The exploit lets an attacker execute malicious Java code on the vulnerable server.

  • The attacker will invoke any server endpoint with a malicious payload.
  • The payload could be injected in the “spring.cloud.function.routing-expression” header, which is evaluated by SimpleEvaluationContext: T(java.lang.Runtime).getRuntime().exec(”command”)

Here, “command” refers to the malicious command that an attacker can use to harm the system maliciously and can take over a remote server. This payload triggers the Spring Cloud Function, sending a request to the attacker’s server.

  • The payload is then evaluated by SimpleEvaluationContext, which then triggers, and an attacker could execute system commands. 

Affected systems

Various applications and cloud services using Spring Cloud are under the radar of this attack. However, security researchers have already discovered that the CVE-2022-22963 vulnerability can be exploited on the servers of large companies. 

Upgrading the Spring Cloud Function to 3.2.17 or 3.1.6 or higher is highly recommended.

The following versions of Spring Cloud Function are impacted:

3.1.6 <= version <= 3.2.16

Steps for remediation

The latest version of Spring Cloud Function has been released on the official website. You can download it and upgrade your service to use the newest version.

Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security

Read More

Get a demo

Defeat every attack, at every stage of the threat lifecycle with SentinelOne

Book a demo and see the world’s most advanced cybersecurity platform in action.

Get Demo

SentinelLabs

SentinelLabs: Threat Intel & Malware Analysis

We are hunters, reversers, exploit developers, & tinkerers shedding light on the vast world of malware, exploits, APTs, & cybercrime across all platforms.

VISIT SITE

Wizard Spider and Sandworm

MITRE Engenuity ATT&CK Evaluation Results

SentinelOne leads in the latest Evaluation with 100% prevention. Leading analytic coverage. Leading visibility. Zero detection delays.

SEE RESULTS