Spring Core - Remote Code Execution (Spring4Shell - CVE-2022-22965)
- Severity
- Vulnerability description
- Not available
- Risk description
- Not available
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Recommendation
- Not available
- References
- https://nvd.nist.gov/vuln/detail/CVE-2022-22965https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/https://jfrog.com/blog/springshell-zero-day-vulnerability-all-you-need-to-know
- Codename
- Not available
- Detectable with
- Network Scanner
- Scan engine
- Sniper
- Exploitable with Sniper
- Yes
- CVE Published
- Mar 28, 2022
- Detection added at
- Software Type
- Web framework
- Vendor
- Pivotal Software
- Product
- Spring Framework
Detect this vulnerability now!
Check your clients' targets (or your own) for this vulnerability and thousands more! Get proof for validation with our ethical hacking toolkit.