CVE-2022-22946 in VMware and Oracle Products
Published on March 4, 2022

In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.

NVD

Products Associated with CVE-2022-22946

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-22946 are published in these products:

VMware Spring Cloud Gateway

Oracle Commerce Guided Search

Oracle Communications Cloud Native Core Binding Support Function

Oracle Communications Cloud Native Core Network Repository Function

Oracle Communications Cloud Native Core Security Edge Protection Proxy

Oracle Communications Cloud Native Core Console

Exploit Probability

EPSS

0.73%

Percentile

72.22%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2022-22946 in VMware and Oracle ProductsPublished on March 4, 2022

Products Associated with CVE-2022-22946

Exploit Probability

CVE-2022-22946 in VMware and Oracle Products
Published on March 4, 2022