Unrated severityNVD Advisory· Published Mar 4, 2022· Updated Aug 3, 2024
CVE-2022-22946
CVE-2022-22946
Description
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <3.1.1
Patches
Vulnerability mechanics
References
2- tanzu.vmware.com/security/cve-2022-22946mitrex_refsource_MISC
- www.oracle.com/security-alerts/cpujul2022.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.