CVE-2022-46166: Spring Boot Admin Remote Command Execution Vulnerability

Author : Sangfor Technologies
Published Date : 15 Dec 2022
Last Modified Date : 01 Feb 2023

Tag :

1. Summary

Vulnerability Name	Spring Boot Admin Remote Command Execution Vulnerability
Attack Type	variable coverage
Time Discovered	2022-12-14
Updated Time	2022-12-15
CVE ID	CVE-2022-46166

Spring boot admins is an open source administrative user interface for management of spring boot applications. All users who run Spring Boot Admin Server, having enabled Notifiers and write access to environment variables via UI are affected.

2. Affected Versions

Spring Boot Admin<2.6.10

2.7.0≤Spring Boot Admin<2.7.8

3.0.0:m1≤Spring Boot Admin<3.0.0:m6

3. Solution

Currently, the latest version has been officially released, and affected users are advised to update and upgrade to the latest version in time. The link is as follows: https://github.com/codecentric/spring-boot-admin/releases

4. Related Links

https://github.com/codecentric/spring-boot-admin/security/advisories/GHSA-w3x5-427h-wfq6

Listen To This Post

Search

Keyword maximum 256 character

Get in Touch

Get in Touch with Sangfor Team for Business Inquiry

Name *

Name

Email Address *

Email Address

Business Phone Number *

Business Phone Number

Tell us about your project requirements *

Tell us about your project requirements

I want to receive updates on Sangfor's latest products and solutions. I can unsubscribe at any time.

address1

See Other Product

Sangfor Omni-Command

Replace your Enterprise NGAV with Sangfor Endpoint Secure

Cyber Command - NDR Platform

Endpoint Secure

Internet Access Gateway (IAG)

Sangfor Network Secure - Next Generation Firewall

Meet the Author

Sangfor Technologies

Sangfor Technologies is a leading vendor of Cyber Security and Cloud Computing solutions. The majority of the blogs that you are seeing here are written by professionals working at Sangfor. We have a team of content writers, product managers and marketing experts who are taking care of writing articles on various topics that are relevant to our audience. Our team ensures that the articles published are factually correct and helpful to our customers and partners to know more about the recent trends on Cyber Security and Cloud, and how it can help their organizations.