Broadcom API Portal - Impact of CVE-2022-22947

Article ID: 242710

Products

CA API Developer Portal

Issue/Introduction

CVE-2022-22947 vulnerability

Environment

API Portal

Cause

In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.

Resolution

We do not use the Spring Cloud library in Portal; hence, our product is not directly impacted.
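
To check a deployment directory for Spring Cloud Gateway jars and compare any that turn up against the fixed versions named under Cause, a scan like the following can be used. This is an added example, not Broadcom's code or tooling; the artifact-name pattern is an assumption based on common Maven jar naming, and the directory to scan is supplied by the operator.

```python
import re
import zipfile
from pathlib import Path

# Assumed naming: spring-cloud-gateway-server-3.1.0.jar, spring-cloud-starter-gateway-3.0.6.jar,
# spring-cloud-gateway-core-2.2.9.RELEASE.jar (typical Maven artifact names, not from the article).
JAR_RE = re.compile(
    r"(spring-cloud-(?:starter-)?gateway(?:-[a-z]+)*)-(\d+)\.(\d+)\.(\d+)[^/]*\.jar$")

def is_fixed(version):
    """True if (major, minor, patch) is at or past 3.0.7 on the 3.0 line, or 3.1.1 otherwise."""
    major, minor, patch = version
    if (major, minor) == (3, 0):
        return patch >= 7
    return version >= (3, 1, 1)

def classify(names):
    """Return a sorted list of (artifact, 'x.y.z', 'fixed' | 'affected') for matching jar names."""
    found = set()
    for name in names:
        m = JAR_RE.search(name)
        if m:
            ver = tuple(int(g) for g in m.groups()[1:])
            status = "fixed" if is_fixed(ver) else "affected"
            found.add((m.group(1), ".".join(map(str, ver)), status))
    return sorted(found)

def scan(root):
    """Check jar/war file names under root, plus entries nested inside them (fat jars)."""
    names = []
    for path in Path(root).rglob("*"):
        if path.suffix.lower() not in (".jar", ".war") or not path.is_file():
            continue
        names.append(path.name)
        try:
            with zipfile.ZipFile(path) as zf:
                names.extend(zf.namelist())
        except zipfile.BadZipFile:
            pass  # unreadable archive; its file name was still checked
    return classify(names)

if __name__ == "__main__":
    import sys
    for artifact, version, status in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:8} {artifact} {version}")
```

An empty result means no jar matching the pattern was found under the scanned directory; it does not cover renamed or shaded copies of the library.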

Additional Information

CVE-2022-22947 - Reference link here