cvedb.io
CVE-2022-22946
MEDIUM · CVSS 5.5
EPSS exploitation probability: 0%
Published 2022-03-04T16:15:10.377 · Last modified 2026-06-17T04:29:13.313

Summary

In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.

Affected products

vmware — spring_cloud_gateway

Does this affect you?

Add your gear to cvedb and we'll alert you only when vmware ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.