Is CVE-2022-22947 patched on this host?
In Spring Cloud Gateway, the actuator endpoint is vulnerable to an arbitrary code execution attack in versions before 3.1.1+ and 3.0.7+. This TTP sends a curl request that will attempt to publish a new endpoint and run the 'id' command on the remote host. A remote attacker could make a maliciously crafted request that allows arbitrary code execution on the remote host.
To view this TTPs command, you must be logged in with a professional or enterprise license.Login
Test this TTP
Download Operator (1.7.1)