Spring4Shell RCE vulnerability [CVE-2022-22965] - All you need to know

About the vulnerability:

Tracked by CVE-2022-22965, the Spring4Shell is a zero-day vulnerability arising in the Spring Core Framework.

CVE ID	Description	Impact
CVE-2022-22965	Remote Code Execution	Zero-day

* The CVE-2022-22965 has been published.

** Currently, we don't support patching/mitigation for this vulnerability.

As per the Spring Blog:

"The vulnerability impacts Spring MVC and Spring WebFlux applications running on JDK 9+. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it."

Am I affected:

We are glad to announce that none of ManageEngine's UEMS applications are affected by the zero-day vulnerability.

Further Updates:

The ManageEngine team is constantly analyzing the vulnerability details. Any further updates will be added to this forum post.

Cheers,

The ManageEngine Team

References:

https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

Topic Participants
Anupam KP

Spring4Shell RCE vulnerability [CVE-2022-22965] - All you need to know

Spring4Shell RCE vulnerability [CVE-2022-22965] - All you need to know

About the vulnerability:

Tracked by CVE-2022-22965, the Spring4Shell is a zero-day vulnerability arising in the Spring Core Framework.

Am I affected:

Further Updates:

Topic Participants

Anupam KP

Related Products

Related Products

Related Products

Related Products

Related Products

Related Products