Is CVE-2022-22946 actively exploited?

CVE-2022-22946 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2022-22946?

CVE-2022-22946 has a CVSS score of 5.5 (MEDIUM severity). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N.

How do I patch CVE-2022-22946?

Patch guidance is available from vmware security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2022-22946.

CVE-2022-22946 - remediation guidance & executive summary

Q: Which products are affected by CVE-2022-22946?

7 products: vmware spring cloud gateway, oracle commerce guided search, oracle communications cloud native core binding support function, oracle communications cloud native core console, oracle communications cloud native core network repository function, and 2 more.

Description

In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.

CVSS Metrics

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector: local
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: none
Weaknesses: CWE-295

Metadata

Primary Vendor: VMWARE
Published: 3/4/2022
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

vmware : spring_cloud_gatewayoracle : commerce_guided_searchoracle : communications_cloud_native_core_binding_support_functionoracle : communications_cloud_native_core_consoleoracle : communications_cloud_native_core_network_repository_functionoracle : communications_cloud_native_core_network_repository_functionoracle : communications_cloud_native_core_security_edge_protection_proxy

Remediation Guidance

Executive Summary

View on NIST NVD