VMware Tanzu (Spring Cloud) Data Breach
VMware Tanzu (Spring Cloud) experienced a data breach that was reported on August 25, 2022. When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution
Key Facts
- Organization
- VMware Tanzu (Spring Cloud)
- Date Reported
- August 25, 2022
- Incident Type
- web app exploit
- Industry
- Technology
- Severity Score
- 5/10
- Confidence Level
- high
- Tags
Source
View original source - External link to primary source documentation
Understanding web app exploit Incidents
Web application exploits target vulnerabilities in websites and APIs. Secure development practices, WAFs, and penetration testing protect against these attacks.