Vulnerability Details CVE-2022-22946
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.2%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 2.1
References
Products affected by CVE-2022-22946
-
cpe:2.3:a:oracle:commerce_guided_search:11.3.2
-
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3
-
cpe:2.3:a:oracle:communications_cloud_native_core_console:22.2.0
-
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2
-
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0
-
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1
-
cpe:2.3:a:vmware:spring_cloud_gateway:3.1.0