ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

AAI - Spring4Shell (CVE-2022-22965), the Spring Cloud vulnerability (CVE-2022-22963) and the Spring Expression DoS vulnerability (CVE-2022-22950)


Article ID: 238496


Updated On:


Automic Automation Intelligence


Are AAI(JAWS) and any AAI Connectors affected by these vulnerabilities vulnerabilities below?




6.4.2-1 and earlier.


AAI and all Framework based connectors, such as the Automic, ESP, and Control-M connectors, are impacted by the CVE-2022-22950(Medium threat level) vulnerability, but not the CVE-2022-22965(Critical) and CVE-2022-22963(Critical) vulnerabilities.

The AAI Engineering team is aware of these vulnerabilities actively working on a resolution for all affected components.

Please check these document for updates as we will be updating it as more information becomes available.

Additional Information