Outbreak Alert
Critical flaw found in Spring Cloud Function resulting in Remote Code Execution
In Spring Cloud Function versions 3.2.2, 3.1.6, and older versions, it is possible for an attacker to provide a specially crafted malicious expression that may result in remote code execution and access to local resources. With CVSS base score of 9.8 and publicly available proof of concept, this vulnerability should be seriously attended. Learn More »
Common Vulnerabilities and Exposures
Background
Spring Framework is an open source lightweight Java-based platform application development framework for creating high-performing, easily testable code. And, Spring Cloud provides developer tools to build distributed systems (e.g. configuration management, service discovery, etc). In March 2022, another critical vulnerability CVE-2022-22965 known as "Spring4Shell" also affected a flaw in the Spring Framework. See dedicated Outbreak Report for full details: https://www.fortiguard.com/outbreak-alert/spring4shell-vulnerability
Threat Radar Overall Score:
 |
CVSS Rating | 9.0 |
 |
FortiRecon Score | 93/100 |
 |
Known Exploited | Yes |
 |
Exploit Prediction Score | 97.54% |
 |
FortiGuard Telemetry | 22678 |
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
March 29, 2022: VMware published a vulnerability report: https://tanzu.vmware.com/security/cve-2022-22963
Dec 20, 2022: FortiGuard Labs is still seeing active attack attempts of the vulnerability CVE-2022-22963 and advises users to upgrade to recommended versions for mitigating the vulnerability.
The FortiGuard telemetry can be viewed at: https://www.fortiguard.com/encyclopedia/ips/51355
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
-
IPS
-
Web App Security
-
Application Firewall
-
Outbreak Detection
-
Threat Hunting
-
Automated Response
-
Assisted Response Services
-
InfoSec Services
-
Attack Surface Monitoring (Inside & Outside)
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
Loading ...
Indicators of compromise
IOC Indicator List
Indicators of compromise
IOC Threat Activity
Last 30 days
Chg
Avg 0
References
Sources of information in support and relation to this Outbreak and vendor.