# [HIGH] Exploring CVE-2022-33980: the Apache Commons configuration RCE vulnerability

**Source:** Snyk
**Published:** 2022-07-08
**Article:** https://snyk.io/blog/cve-2022-33980-apache-commons-configuration-rce-vulnerability/

## Threat Profile

Snyk Blog In this article
Written by Kyle Suero 
Brian Vermeer 
July 8, 2022
0 mins read Before we dive into the details of this vulnerability, we want to make it clear that there’s no need for panic. Many systems permit the use of various types of code in configuration files, and there are legitimate use cases to include string and variable interpolation in the configuration of applications and systems. This is not Log4Shell all over again. This is simple configuration manipulation. If someone …

## Indicators of Compromise (high-fidelity only)

- **CVE:** `CVE-2022-33980`

## MITRE ATT&CK Techniques

- **T1190** — Exploit Public-Facing Application

## Kill chain phases observed

_(none detected from narrative keywords)_

## Recommended hunts

### IOC-driven hunts (use shared templates)

These are standard IOC-substitution hunts — the canonical SPL and KQL live once in [`_TEMPLATES.md`](../_TEMPLATES.md), so we don't repeat the same boilerplate on every CVE / hash / network-IOC briefing.

- **Asset exposure — vulnerability matches article CVE(s)** ([template](../_TEMPLATES.md#asset-exposure)) — phase: **recon**, confidence: **High**
  - CVE(s): `CVE-2022-33980`


## Why this matters

Severity classified as **HIGH** based on: CVE present, 1 use case(s) fired, 1 technique(s) inferred. Read the full article for actor attribution, tooling details, and any defanged IOCs in the body that aren't visible in the RSS summary.