Spring4Shell vulnerability (CVE-2022-22965) - Vulnerability Detection using Desktop Central (on-premise) with VMP / Endpoint Security add-on

Spring4Shell vulnerability (CVE-2022-22965) - Vulnerability Detection using Desktop Central (on-premise) with VMP / Endpoint Security add-on

*This forum post will be updated periodically based on the data updated by Spring.
 
The recently identified Spring4Shell vulnerability (CVE-2022-22965) is classified as a zero-day vulnerability. Present in the Spring Framework, this vulnerability can allow attackers to potentially carry out Remote Code Execution.
 
It is to be noted that the vulnerability has been addressed in Apache Tomcat versions 10.0.20, 9.0.62, and 8.5.78, Spring Framework versions 5.3.18 and 5.2.20 and Spring Boot versions 2.6.6 and 2.5.12.
 
The vulnerability affects the Spring MVC and Spring WebFlux applications running with the following configurations:
  • JDK 9 or higher
  • Apache Tomcat as the Servlet container.
  • Packaged as a traditional WAR (in contrast to a Spring Boot executable jar).
  • spring-webmvc or spring-webflux dependency.
  • Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions.
Note:
  • The nature of the vulnerability is more general, and there may be other ways to exploit it.
  • If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. 


Vulnerability Detection using ManageEngine Desktop Central (on-premise) with VMP / Endpoint Security add-on


Note:
  • This is applicable only for Desktop Central (on-premise) servers with VMP / Endpoint Security add-on.

  • Since their may be other ways to exploit the vulnerability owing to its more general nature, kindly reach out to the respective web application vendors for vulnerability information and patch details.

  • The vulnerability details will be available only after the next DB sync.


To detect affected network systems as well as the vulnerable web server installations on those systems,

1) Log in to the Desktop Central web console.


2) Navigate to Threats & patches> Threats > Web Server Misconfiguration

 

3) Search for Spring4Shell vulnerability (CVE-2022-22965) to find affected Windows systems and Spring4Shell vulnerability (CVE-2022-22965) for Linux to find affected Linux systems.

 

4) Under the Affected Systems column, you'll get a total count of systems affected by this vulnerability.

 

5) Clicking on it will reveal the affected systems.

 

6) To view the exact web server installations on those systems that are affected by this vulnerability, click on the Web Server Misconfiguration count available for each system.

 

7) In the resulting table view, the file path column displays the home directory path or the exe path of the web servers affected by the Spring4Shell vulnerability (CVE-2022-22965).

 

8) You can also view the vulnerabilities under the Threats & Patches > Threats >  Software Vulnerabilities and the CVE ID under Threats & Patches > Threats > Detected CVEs

 


Reference link:

                New to ADSelfService Plus?