Security Alert for RCE in Spring Cloud Function CVE-2022-22963 - Security Advisory TWA SEC 3656

TCPWave Security
Date: April 12, 2022

All versions of TCPWave DDI Products (DNS, DHCP, IP Address Management)


A critical vulnerability was reported to VMware impacting Spring Cloud Function versions 3.1.6, 3.2.2, and older unsupported versions. It is disclosed under CVE-2022-22963 and states that the vulnerability allows the threat actors to execute arbitrary code on the host. So this vulnerability can impact the resources in cloud providers such as VMware, AWS, Google Cloud, etc.


As per the TCPWave Information Security Team, we confirm that our platform (TCPWave IPAM and TCPWave Remote appliances) is not vulnerable to CVE 2022-22963.


No workaround is required.


No action is required.


Customers with questions on this alert can contact TCPWave Support at [email protected].

TCPWave Security