CVE-2022-22946

EPSS 0.73% · P73 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-22946

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Vmware VMware Spring Cloud Gateway 信任管理问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Vmware VMware Spring Cloud Gateway是美国威睿（Vmware）公司的一个网关组件。 VMware Spring Cloud Gateway 存在信任管理问题漏洞，该漏洞源于使用HTTP2不安全的TrustManager时存在安全绕过问题。本地用户可以发送专门制作的请求，并使用无效或自定义证书连接到远程服务。该漏洞允许本地用户绕过安全限制。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	Spring Cloud Gateway	Spring cloud gateway versions 3.1.x prior to 3.1.1+	-

II. Public POCs for CVE-2022-22946

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-22946

请登录查看更多情报信息。

https://tanzu.vmware.com/security/cve-2022-22946x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2022.htmlx_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2022-22946

Same Patch Batch · n/a · 2022-03-04 · 45 CVEs total

CVE-2022-23915	7.2 HIGH	Remote Code Execution (RCE)
CVE-2022-26484	4.9 MEDIUM	Veritas InfoScale Operations Manager路径遍历漏洞
CVE-2022-26483	4.8 MEDIUM	Veritas Infoscale Operations Manager 跨站脚本漏洞
CVE-2021-3656		KVM 安全漏洞
CVE-2021-3743		Linux kernel 缓冲区错误漏洞
CVE-2021-27757		HCL BigFix Insights 安全漏洞
CVE-2021-27756		HCL BigFix Compliance 加密问题漏洞
CVE-2021-44827		Tp-link Archer C2 操作系统命令注入漏洞
CVE-2021-40846		Rhinode Trading Paints 安全漏洞
CVE-2021-46384		MingSoft MCMS 访问控制错误漏洞
CVE-2021-46353		D-Link Dir-X1860 安全漏洞
CVE-2022-23233		Netapp StorageGRID 安全漏洞
CVE-2022-23232		Netapp StorageGRID 授权问题漏洞
CVE-2021-3575		OpenJPEG 缓冲区错误漏洞
CVE-2021-3428		Linux kernel 输入验证错误漏洞
CVE-2021-20319		coreos-installer 数据伪造问题漏洞
CVE-2022-21828		Incapptic Connect 安全漏洞
CVE-2022-25623		Symantec Management Center 安全漏洞
CVE-2021-3744		Linux kernel 安全漏洞
CVE-2022-23729		LG mobile 授权问题漏洞

Showing top 20 of 45 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Spring Cloud Gateway

Same vendor: n/a

V. Comments for CVE-2022-22946

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-22946

I. Basic Information for CVE-2022-22946

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-22946

III. Intelligence Information for CVE-2022-22946

Same Patch Batch · n/a · 2022-03-04 · 45 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-22946

Leave a comment