CVE-2022-4963

Name: CVE-2022-4963
Creator: NVD / NIST
Published: 2024-03-21T02:44:57.06+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 0.60%

Last modified Jun 17, 2026

CVE-2022-4963 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A vulnerability was found in Folio Spring Module Core up to 1.1.5. It has been rated as critical. EPSS estimates a 0.60% chance of exploitation in the next 30 days.

Description

A vulnerability was found in Folio Spring Module Core up to 1.1.5. It has been rated as critical. Affected by this issue is the function dropSchema of the file tenant/src/main/java/org/folio/spring/tenant/hibernate/HibernateSchemaService.java of the component Schema Name Handler. The manipulation leads to sql injection. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is d374a5f77e6b58e36f0e0e4419be18b95edcd7ff. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-257516.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.60%

44.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-89

Affected Software

Vendor	Product	Versions
Folio	Spring Module Core	< 2.0.0

References

https://github.com/folio-org/spring-module-core/commit/d374a5f77e6b58e36f0e0e4419be18b95edcd7ffPatch
https://github.com/folio-org/spring-module-core/pull/39Issue Tracking, Patch
https://github.com/folio-org/spring-module-core/releases/tag/v2.0.0Release Notes
https://vuldb.com/?ctiid.257516Permissions Required, VDB Entry
https://vuldb.com/?id.257516Third Party Advisory, VDB Entry
https://github.com/folio-org/spring-module-core/commit/d374a5f77e6b58e36f0e0e4419be18b95edcd7ffPatch
https://github.com/folio-org/spring-module-core/pull/39Issue Tracking, Patch
https://github.com/folio-org/spring-module-core/releases/tag/v2.0.0Release Notes
https://vuldb.com/?ctiid.257516Permissions Required, VDB Entry
https://vuldb.com/?id.257516Third Party Advisory, VDB Entry

Timeline

Published: Mar 21, 2024
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2022-4963?

How severe is CVE-2022-4963?

CVE-2022-4963 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 0.60% probability of exploitation in the next 30 days.

How do I fix CVE-2022-4963?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-4963?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST