CVE-2022-22946 Vulnerability Details


CVE-2022-22946 Metadata Quick Info

CVE Published: 04/03/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: vmware | Vendor: n/a | Product: Spring Cloud Gateway
Status: PUBLISHED

CVE-2022-22946 Description

In Spring Cloud Gateway versions prior to 3.1.1+, applications that are configured to enable HTTP2 and have no key store or trusted certificates set will be configured to use an insecure TrustManager. This allows the gateway to connect to remote services with invalid or custom certificates.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).