Patching Spring Framework RCE Zero-Day Vulnerability (CVE-2022-22965)

Brenda Gratas September 6, 2022
- 3 min read

In today's digital landscape, ensuring the security of your network and systems is paramount. One critical vulnerability that demands attention is CVE-2022-22965, widely known as Spring4Shell, an RCE zero-day vulnerability in the Spring Framework.

In this blog post, we’ll provide you with a comprehensive understanding of CVE-2022-22965, its risks, the necessary steps to patch it, and how InvGate Insight can simplify the process.

Read on to effectively protect your network against this vulnerability and maintain the integrity of your infrastructure.

About CVE-2022-22965

CVE-2022-22965 is a critical vulnerability in the Spring Framework, an open-source Java framework for developing web applications. It allows an unauthenticated attacker to execute arbitrary code on a vulnerable server by sending a specially crafted HTTP request whose parameter names the framework binds onto internal objects.

The versions of the Spring Framework affected by CVE-2022-22965 are:

  • 5.3.0 to 5.3.17
  • 5.2.0 to 5.2.19

Older, no longer supported versions are also affected. They should not be in use and should be upgraded as soon as possible. The fixed releases are 5.3.18 and 5.2.20; Spring Boot 2.6.6 and 2.5.12 pull those in.

The exploit that circulated in the wild needs a particular setup: JDK 9 or later, Apache Tomcat as the servlet container, the application deployed as a WAR, and a dependency on spring-webmvc or spring-webflux. Spring's announcement was explicit that the underlying flaw is more general and that other setups may be exploitable in ways not yet reported, so let the version check, not the deployment shape, decide whether you patch.

How does CVE-2022-22965 work?

CVE-2022-22965 is a flaw in the Spring Framework's data binding, not a misconfiguration. Data binding is how Spring MVC and WebFlux populate a Java object from an HTTP request: each request parameter name is treated as a property path on the controller's model object, and a dotted name such as address.city is resolved one segment at a time through getters until the last segment is set.

The problem is how far that walk can go. Every Java object exposes getClass(), so the path prefix class. leads from the model object to its java.lang.Class. Spring has refused to bind class.classLoader since CVE-2010-1622, but that check only covered the direct accessor on Class. On JDK 9 and later, Class.getModule() returns a Module whose getClassLoader() reaches the same class loader, so a parameter name starting with class.module.classLoader. walks around the old check and lets the attacker set properties on the web application's class loader and on objects reachable from it.

No new class is created and no code is uploaded at this step; the attacker only changes settings the server trusts. On Apache Tomcat, objects reachable from the class loader control where and how the access log is written, so the attacker can point it into the web root, smuggle JSP code in through the request, and then request the file that was written, which runs their code with the server's privileges.

What are CVE-2022-22965 risks?

An attacker who exploits this vulnerability gets code execution as the account running the servlet container, which is enough to steal data, install malware or a web shell, move laterally, or disrupt the server.

Denial of service is a consequence of that control rather than a separate attack vector: once the attacker can run code or rewrite server settings, crashing the application or exhausting its resources is trivial. Even an exploit attempt that does not complete can leave server settings changed, so treat unpatched hosts that start behaving oddly as suspect rather than assuming the attempt failed cleanly.

How to patch CVE-2022-22965

To patch this vulnerability, upgrade the Spring Framework to 5.3.18 or 5.2.20 or later (Spring Boot users: 2.6.6 or 2.5.12 or later). Upgrading is the only complete fix.

If an application cannot be upgraded immediately, Spring published stopgaps: upgrade Apache Tomcat to 10.0.20, 9.0.62 or 8.5.78, which closes the attack path used in the wild but leaves the binding flaw in place; or register a @ControllerAdvice whose @InitBinder method calls WebDataBinder.setDisallowedFields with the patterns class.*, Class.*, *.class.* and *.Class.*, bearing in mind that a controller which sets its own disallowed fields overrides the global setting and needs the same patterns added. Downgrading to Java 8 also removes the known path but is rarely practical.

Beyond that, harden the perimeter: a WAF or IDS rule that drops requests carrying parameter names under class. (in any letter case, after URL decoding) blocks the probes seen in the wild, and request logging lets you spot attempts. Strong passwords do not help here, because the attack needs no credentials.
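As an added example of the detection side (not vendor or Spring code), the following Python script applies the same parameter-name patterns to access-log lines. The log lines, client addresses and parameter values are constructed for the demonstration.

```python
"""Flag access-log requests whose parameter names fall under Spring's
disallowed-field patterns for CVE-2022-22965.

Added example, not vendor or Spring code. The log lines below are constructed
(Combined Log Format) and the parameter values are placeholders. The check
mirrors the parameter-name patterns of Spring's published workaround, applied
case-insensitively after URL decoding so encoded or re-cased probes still match.
"""
import fnmatch
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Lower-cased forms of the workaround patterns; "class.*" and "*.class.*" also
# cover the "Class.*" / "*.Class.*" variants once the name is lower-cased.
DISALLOWED = ("class.*", "*.class.*")

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

SAMPLE_LOG = [  # constructed sample lines, not from a real server
    '198.51.100.7 - - [31/Mar/2022:09:12:01 +0000] "GET /app/greet?firstName=Ann&class=economy HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [31/Mar/2022:09:12:44 +0000] "GET /app/greet?class.module.classLoader.level=DEBUG HTTP/1.1" 200 512 "-" "curl/7.68.0"',
    '203.0.113.5 - - [31/Mar/2022:09:12:45 +0000] "GET /app/greet?%63lass.module.classLoader.level=DEBUG HTTP/1.1" 200 512 "-" "curl/7.68.0"',
    '203.0.113.9 - - [31/Mar/2022:09:13:10 +0000] "POST /app/greet?Class.Module.ClassLoader.level=DEBUG HTTP/1.1" 400 0 "-" "python-requests/2.27"',
    '198.51.100.8 - - [31/Mar/2022:09:14:02 +0000] "GET /app/search?user.name=bob&page=2 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]


def suspicious_params(target):
    """Return the parameter names in a request target that match DISALLOWED.
    parse_qsl decodes once; unquote decodes a second time so a double-encoded
    "class" is still recognised. The name is returned as it appeared once decoded."""
    hits = []
    for name, _value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        normalised = unquote(name).lower()
        if any(fnmatch.fnmatchcase(normalised, pat) for pat in DISALLOWED):
            hits.append(name)
    return hits


def scan_log(lines):
    """Parse each line and return (client_ip, method, flagged_names) for every hit."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line; a real pipeline would count these
        flagged = suspicious_params(m["target"])
        if flagged:
            findings.append((m["ip"], m["method"], flagged))
    return findings


if __name__ == "__main__":
    for ip, method, names in scan_log(SAMPLE_LOG):
        print(f"{ip:14} {method:5} {', '.join(names)}")
```

Note that a plain `class=economy` parameter is not flagged: the patterns require a dot after `class`, which is exactly the boundary Spring's workaround draws. The binder also accepts form-encoded POST bodies, which access logs never record, so this catches query-string probes only; the same name check belongs in a WAF rule or servlet filter to cover bodies.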

How to find devices exposed to CVE-2022-22965

With InvGate Insight, you can quickly pinpoint devices that report an affected Spring Framework version. Here is a guide outlining the necessary actions to take:

  1. Open InvGate Insight and go to the Explorer tab.
  2. Type in the Search bar “Software name, is:Spring” to filter all devices with this framework.
  3. Add another filter to the Search bar to see all devices missing the security patch. To do that, add the following filter: “Reported version, is not:” and paste the patched version (5.3.18 and 5.2.20 or greater).

One caveat: Spring is a library bundled inside each application's JAR or WAR rather than a product installed on its own, so any inventory keyed on installed software can miss it. Treat the result as a starting list, confirm the version from the application's dependency manifest or its bundled spring-*.jar files, and for Spring Boot applications check the Boot version as well (2.6.6 and 2.5.12 carry the fix).

Use InvGate Insight to find devices exposed to CVE-2022-22965
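Because the framework usually lives inside application archives, a filesystem scan complements the inventory search. The following is an added example in Python, not InvGate or Spring code. It walks a directory tree, opens every JAR/WAR/EAR, recurses into nested WEB-INF/lib jars, reads Implementation-Title and Implementation-Version from each jar's MANIFEST.MF (the manifest fields SpringVersion.getVersion() itself reports) and falls back to the version in the filename. The sample WAR it builds is constructed for the demonstration.

```python
"""Find bundled Spring Framework jars affected by CVE-2022-22965.

Added example, not InvGate or Spring code. Spring ships as jars inside
application archives, so this scans archives rather than installed software.
Affected ranges and fixed versions are the ones from the advisory.
"""
import io
import re
import tempfile
import zipfile
from pathlib import Path

FIRST_FIXED = {(5, 3): 18, (5, 2): 20}   # first fixed patch level per supported branch
SPRING_ARTIFACTS = ("spring-beans", "spring-core", "spring-webmvc", "spring-webflux")
FILENAME_RE = re.compile(r"(spring-(?:beans|core|webmvc|webflux))-(\d+\.\d+\.\d+)")
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")
MANIFEST = "META-INF/MANIFEST.MF"


def parse_version(text):
    """'5.3.17' or '5.2.20.RELEASE' -> (5, 3, 17) / (5, 2, 20)."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised version {text!r}")
    return tuple(int(p) for p in m.groups())


def is_affected(version):
    """True when a Spring Framework version is inside the advisory's affected range."""
    major, minor, patch = version
    if (major, minor) in FIRST_FIXED:
        return patch < FIRST_FIXED[(major, minor)]
    return (major, minor) < (5, 2)   # 5.1 and older: out of support, still affected


def manifest_version(zf):
    """Return (artifact, version) from MANIFEST.MF if this jar is a Spring artifact."""
    if MANIFEST not in zf.namelist():
        return None
    fields = {}
    for line in zf.read(MANIFEST).decode("utf-8", "replace").splitlines():
        if ":" in line and not line.startswith(" "):   # skip manifest continuation lines
            key, _, val = line.partition(":")
            fields[key.strip()] = val.strip()
    title, ver = fields.get("Implementation-Title"), fields.get("Implementation-Version")
    return (title, ver) if title in SPRING_ARTIFACTS and ver else None


def versions_in_zip(zf, origin):
    """Yield (origin, artifact, version) for this archive and every nested jar,
    falling back to a nested jar's filename when it has no usable manifest."""
    hit = manifest_version(zf)
    if hit:
        yield origin, hit[0], hit[1]
    for name in zf.namelist():
        if not name.lower().endswith(".jar"):
            continue
        inner = f"{origin}!{name}"
        try:
            with zipfile.ZipFile(io.BytesIO(zf.read(name))) as nested:
                found = list(versions_in_zip(nested, inner))
        except zipfile.BadZipFile:
            found = []
        if not found:
            fm = FILENAME_RE.search(Path(name).name)
            found = [(inner, fm.group(1), fm.group(2))] if fm else []
        yield from found


def scan_archive(path):
    """Return [(origin, artifact, version, affected)] for one archive on disk."""
    path = Path(path)
    with zipfile.ZipFile(path) as zf:
        found = list(versions_in_zip(zf, str(path)))
    if not found:
        fm = FILENAME_RE.search(path.name)
        found = [(str(path), fm.group(1), fm.group(2))] if fm else []
    return [(o, a, v, is_affected(parse_version(v))) for o, a, v in found]


def scan_tree(root):
    """Scan every JAR/WAR/EAR below ``root``."""
    results = []
    for p in sorted(Path(root).rglob("*")):
        if p.suffix.lower() in (".jar", ".war", ".ear"):
            results.extend(scan_archive(p))
    return results


def build_sample_war(directory):
    """Write a constructed app.war: spring-beans 5.3.17 with a real manifest
    (affected) and a spring-core 5.3.18 entry that is not a valid jar, so only
    its filename identifies the version."""
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as j:
        j.writestr(MANIFEST, "Manifest-Version: 1.0\nImplementation-Title: spring-beans\n"
                             "Implementation-Version: 5.3.17\n")
    war = Path(directory) / "app.war"
    with zipfile.ZipFile(war, "w") as w:
        w.writestr("WEB-INF/lib/spring-beans-5.3.17.jar", jar.getvalue())
        w.writestr("WEB-INF/lib/spring-core-5.3.18.jar", b"placeholder, not a jar")
    return war


def demo():
    """Build the sample WAR in a temp dir, scan it, return (artifact, version, affected)."""
    with tempfile.TemporaryDirectory() as d:
        build_sample_war(d)
        return [(a, v, x) for _o, a, v, x in scan_tree(d)]


if __name__ == "__main__":
    for artifact, version, affected in demo():
        print(f"{artifact:15} {version:10} {'AFFECTED' if affected else 'ok'}")
```

Point `scan_tree` at a deployment directory such as a Tomcat webapps folder to get one line per bundled Spring artifact. The version check alone does not tell you whether the in-the-wild preconditions (JDK 9+, Tomcat, WAR packaging) hold, and it should not: every affected version needs the upgrade regardless.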

The bottom line

The CVE-2022-22965 vulnerability is a critical issue in the Spring Framework, a popular Java framework for web development. Exploiting it lets an attacker execute code on a vulnerable server by sending a specially crafted HTTP request whose parameter names reach the application's class loader through Spring's data binding. It poses significant risks, including data theft, malware installation and server disruption, denial of service included.

To fix it, upgrade the Spring Framework to 5.3.18 or 5.2.20 or later (Spring Boot 2.6.6 or 2.5.12 or later); the Tomcat upgrade and the disallowed-fields workaround only reduce exposure until that is done. Older, unsupported versions are affected as well.

InvGate Insight offers a solution for simplifying Patch Management by helping users identify devices that are vulnerable to CVE-2022-22965. To experience its benefits, request a 30-day free trial and proactively ensure your devices are protected.
