Spring4Shell vulnerability (CVE-2022-22965) - Vulnerability Detection using Desktop Central (on-premise) with VMP / Endpoint Security add-on

*This forum post will be updated periodically based on the data updated by Spring.
 
The recently identified Spring4Shell vulnerability (CVE-2022-22965) is classified as a zero-day vulnerability. Present in the Spring Framework, it can potentially allow attackers to carry out remote code execution.
 
It is to be noted that the vulnerability has been addressed in Apache Tomcat versions 10.0.20, 9.0.62, and 8.5.78, Spring Framework versions 5.3.18 and 5.2.20 and Spring Boot versions 2.6.6 and 2.5.12.
 
The vulnerability affects the Spring MVC and Spring WebFlux applications running with the following configurations:
  • JDK 9 or higher
  • Apache Tomcat as the Servlet container.
  • Packaged as a traditional WAR (in contrast to a Spring Boot executable jar).
  • spring-webmvc or spring-webflux dependency.
  • Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions.
Note:
  • The nature of the vulnerability is more general, and there may be other ways to exploit it.
  • If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. 


Vulnerability Detection using ManageEngine Desktop Central (on-premise) with VMP / Endpoint Security add-on


Note:
  • This is applicable only for Desktop Central (on-premise) servers with VMP / Endpoint Security add-on.

  • Since there may be other ways to exploit the vulnerability owing to its more general nature, kindly reach out to the respective web application vendors for vulnerability information and patch details.

  • The vulnerability details will be available only after the next DB sync.


To detect affected network systems as well as the vulnerable web server installations on those systems,

1) Log in to the Desktop Central web console.


2) Navigate to Threats & Patches > Threats > Web Server Misconfiguration.

 

3) Search for Spring4Shell vulnerability (CVE-2022-22965) to find affected Windows systems and Spring4Shell vulnerability (CVE-2022-22965) for Linux to find affected Linux systems.

 

4) Under the Affected Systems column, you'll get a total count of systems affected by this vulnerability.

 

5) Clicking on it will reveal the affected systems.

 

6) To view the exact web server installations on those systems that are affected by this vulnerability, click on the Web Server Misconfiguration count available for each system.

 

7) In the resulting table view, the file path column displays the home directory path or the exe path of the web servers affected by the Spring4Shell vulnerability (CVE-2022-22965).

 

8) You can also view the vulnerabilities under Threats & Patches > Threats > Software Vulnerabilities and the CVE ID under Threats & Patches > Threats > Detected CVEs.
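
The affected-configuration list earlier in this post (JDK 9 or higher, Apache Tomcat, WAR packaging, spring-webmvc or spring-webflux, framework version below the fixed releases) can be cross-checked on a single deployment with a short script. This is an added example, not ManageEngine or Spring code; it assumes the framework version can be read from the jar file name under WEB-INF/lib, and the function names and the sample WAR are constructed for illustration.

```python
import io
import re
import zipfile

# Fixed Spring Framework releases named in the post, keyed by release line.
FIXED = {(5, 3): (5, 3, 18), (5, 2): (5, 2, 20)}
JAR_RE = re.compile(r"WEB-INF/lib/spring-(webmvc|webflux)-(\d+)\.(\d+)\.(\d+)[^/]*\.jar$")

def spring_version(war):
    """Return (module, (major, minor, patch)) for the first spring-webmvc/webflux jar, else None."""
    with zipfile.ZipFile(war) as zf:
        for name in zf.namelist():
            m = JAR_RE.search(name)
            if m:
                return m.group(1), tuple(int(x) for x in m.group(2, 3, 4))
    return None

def framework_affected(version):
    """5.3.0 to 5.3.17, 5.2.0 to 5.2.19 and older versions are affected, per the post."""
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return version < (5, 2, 0)  # older lines; anything newer than 5.3.x is not listed
    return version < fixed

def java_major(version_string):
    """Map a java.version value ('1.8.0_322', '11.0.14', '17') to its major number."""
    parts = version_string.split(".")
    return int(parts[1]) if parts[0] == "1" else int(re.match(r"\d+", parts[0]).group())

def assess(war, java_version, container="tomcat"):
    """True only when every condition in the post's list holds for this WAR deployment."""
    found = spring_version(war)
    return bool(found and framework_affected(found[1])
                and java_major(java_version) >= 9 and container == "tomcat")

def make_war(jar_name):
    """Constructed sample: an in-memory WAR holding one empty jar entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("WEB-INF/lib/" + jar_name, b"")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for jar, jdk in [("spring-webmvc-5.3.17.jar", "11.0.14"),
                     ("spring-webmvc-5.3.18.jar", "11.0.14")]:
        print(jar, jdk, assess(make_war(jar), jdk))
```

Because the post notes that there may be other ways to exploit the vulnerability, a False result means only that the deployment does not match the listed conditions, not that the application is unaffected.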

 


Reference link: