These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2022-22963 is a VMware Tanzu Spring Cloud Function remote code execution vulnerability that CISA included in its Known Exploited Vulnerabilities (KEV) catalog on 2022-08-25. Because it is a KEV item, defenders should treat it as an actively exploited issue and prioritize vendor-recommended remediation on affected Spring Cloud Function deployments.
CVE-2020-5410 is a directory traversal vulnerability affecting VMware Tanzu Spring Cloud Config Server. CISA added it to the Known Exploited Vulnerabilities catalog on 2022-03-25, which indicates confirmed exploitation in the wild and raises the urgency for remediation.
CVE-2018-1273 affects VMware Tanzu Spring Data Commons and is listed by CISA as a Known Exploited Vulnerability. The supplied CISA record also marks it as associated with known ransomware campaign use, so any affected deployment should be treated as urgent remediation work.