{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"Informational: Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2022-22965"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: CVE-2022-22963","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-04-11T00:32:50.100Z","generator":{"date":"2026-04-11T00:32:50.100Z","engine":{"name":"Vulnogram","version":"0.0.9"}},"id":"CVE-2022-22963","initial_release_date":"2022-03-31T02:30:00.000Z","revision_history":[{"number":"1","date":"2022-03-30T19:30:00.000Z","summary":"Initial publication"},{"number":"2","date":"2022-03-31T07:19:00.000Z","summary":"Referenced CVE-2022-22965"},{"number":"3","date":"2022-03-31T18:30:00.000Z","summary":"Added threat prevention signatures and additional product status"},{"number":"4","date":"2022-04-01T16:30:00.000Z","summary":"Added additional product status"},{"number":"5","date":"2022-04-15T13:00:00.000Z","summary":"Added additional product status"},{"number":"6","date":"2022-04-25T15:30:00.000Z","summary":"Added additional service status. The investigation is complete."}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[]}]},"vulnerabilities":[{"cve":"CVE-2022-22963","product_status":{"known_not_affected":["PANW-PAN-OS-1","PANW-Cortex-XDR-Agent-1","PANW-GlobalProtect-App-1","PANW-Cortex-XSOAR-4","PANW-WildFire-Appliance-(WF-500)-1","PANW-Expanse-1","PANW-Okyo-Garde-1","PANW-Palo-Alto-Networks-App-for-Splunk-1","PANW-Prisma-Cloud-Compute-1","PANW-Expedition-Migration-Tool-1","PANW-IoT-Security-1","PANW-User-ID-Agent-1","PANW-Exact-Data-Matching-CLI-1","PANW-Bridgecrew-1","PANW-Cortex-Xpanse-1","PANW-Enterprise-Data-Loss-Prevention-1","PANW-Prisma-SD-WAN-(CloudGenix)-1","PANW-Prisma-SD-WAN-ION-1","PANW-SaaS-Security-1","PANW-Cortex-Data-Lake-1","PANW-AutoFocus-1","PANW-WildFire-Cloud-1","PANW-Prisma-Cloud-1"]},"notes":[{"category":"description","text":"The Palo Alto Networks Product Security Assurance team has completed its evaluation of the Spring Cloud Function vulnerability CVE-2022-22963 and Spring Core vulnerability CVE-2022-22965 for all products and services. All Palo Alto Networks cloud services with possible impact have been mitigated and remediated.\n\nThe following products and services are not impacted by these Spring vulnerabilities: AutoFocus, Bridgecrew, Cortex Data Lake, Cortex XDR agent, Cortex Xpanse, Cortex XSOAR, Enterprise Data Loss Prevention, Exact Data Matching (EDM) CLI, Expanse, Expedition Migration Tool, GlobalProtect app, IoT Security, Okyo Garde, Palo Alto Networks App for Splunk, PAN-OS hardware and virtual firewalls and Panorama appliances, Prisma Cloud, Prisma Cloud Compute, Prisma SD-WAN (CloudGenix), Prisma SD-WAN ION, SaaS Security, User-ID Agent, WildFire Appliance (WF-500), and WildFire Cloud."}],"references":[{"category":"external","summary":"NVD - CVE-2022-22963","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22963"},{"category":"self","summary":"Palo Alto Networks Security Advisory CVE-2022-22963","url":"https://security.paloaltonetworks.com/CVE-2022-22963"}],"threats":[{"category":"impact","description":"The Palo Alto Networks Product Security Assurance team has completed its evaluation of the Spring Cloud Function vulnerability CVE-2022-22963 and Spring Core vulnerability CVE-2022-22965 for all products and services. All Palo Alto Networks cloud services with possible impact have been mitigated and remediated.\n\nThe following products and services are not impacted by these Spring vulnerabilities: AutoFocus, Bridgecrew, Cortex Data Lake, Cortex XDR agent, Cortex Xpanse, Cortex XSOAR, Enterprise Data Loss Prevention, Exact Data Matching (EDM) CLI, Expanse, Expedition Migration Tool, GlobalProtect app, IoT Security, Okyo Garde, Palo Alto Networks App for Splunk, PAN-OS hardware and virtual firewalls and Panorama appliances, Prisma Cloud, Prisma Cloud Compute, Prisma SD-WAN (CloudGenix), Prisma SD-WAN ION, SaaS Security, User-ID Agent, WildFire Appliance (WF-500), and WildFire Cloud."}],"scores":[{"cvss_v3":{"version":"3.1","attackVector":"PHYSICAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"NONE","vectorString":"CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N","baseScore":0,"baseSeverity":"NONE"},"products":[]}]}]}