Vulnerabilities > Oracle > Communications Cloud Native Core Unified Data Repository > 22.1.0

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-01	CVE-2022-22963	Expression Language Injection vulnerability in multiple products In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. network low complexity vmware oracle CWE-917 critical	9.8
2022-04-01	CVE-2022-22965	Code Injection vulnerability in multiple products A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. network low complexity vmware cisco oracle siemens veritas CWE-94 critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.