Vulnerabilities > Vmware > Spring Cloud Gateway > 3.1.0

DATE CVE VULNERABILITY TITLE RISK
2022-03-04 CVE-2022-22946 Improper Certificate Validation vulnerability in multiple products
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager.
local
low complexity
vmware oracle CWE-295
5.5
5.5
2022-03-03 CVE-2022-22947 Expression Language Injection vulnerability in multiple products
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.
network
low complexity
vmware oracle CWE-917
critical
 10.0
10