Is CVE-2022-22947 actively exploited?

CVE-2022-22947 has no public evidence of in-the-wild exploitation as of 2025-10-30.

What is the CVSS score for CVE-2022-22947?

CVE-2022-22947 has a CVSS score of 10 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

How do I patch CVE-2022-22947?

Patch guidance is available from vmware security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2022-22947.

Fix CVE-2022-22947 - CRITICAL vmware spring cloud gateway

Q: Which products are affected by CVE-2022-22947?

16 products: vmware spring cloud gateway, vmware spring cloud gateway, oracle commerce guided search, oracle communications cloud native core binding support function, oracle communications cloud native core binding support function, and 11 more.

Description

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-94 · Code Injection CWE-917

Metadata

Primary Vendor: VMWARE
Published: 3/3/2022
Last Modified: 10/30/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

vmware : spring_cloud_gatewayvmware : spring_cloud_gatewayoracle : commerce_guided_searchoracle : communications_cloud_native_core_binding_support_functionoracle : communications_cloud_native_core_binding_support_functionoracle : communications_cloud_native_core_consoleoracle : communications_cloud_native_core_network_exposure_functionoracle : communications_cloud_native_core_network_function_cloud_native_environmentoracle : communications_cloud_native_core_network_repository_functionoracle : communications_cloud_native_core_network_repository_functionoracle : communications_cloud_native_core_network_repository_functionoracle : communications_cloud_native_core_network_repository_functionoracle : communications_cloud_native_core_network_slice_selection_functionoracle : communications_cloud_native_core_network_slice_selection_functionoracle : communications_cloud_native_core_security_edge_protection_proxyoracle : communications_cloud_native_core_service_communication_proxy

Remediation Guidance

Executive Summary

View on NIST NVD