AAI - Spring4Shell (CVE-2022-22965), the Spring Cloud vulnerability (CVE-2022-22963) and the Spring Expression DoS vulnerability (CVE-2022-22950)

Article ID: 238496

Products

Automation Analytics & Intelligence

Issue/Introduction

Are AAI (JAWS) and any AAI Connectors affected by the vulnerabilities below?

https://tanzu.vmware.com/security/cve-2022-22963
https://tanzu.vmware.com/security/cve-2022-22965
https://tanzu.vmware.com/security/cve-2022-22950

Environment

6.4.2-1 and earlier.

Resolution

AAI and all Framework-based connectors, such as the Automic, ESP, and Control-M connectors, are impacted by the CVE-2022-22950 (Medium threat level) vulnerability, but not by the CVE-2022-22965 (Critical) and CVE-2022-22963 (Critical) vulnerabilities.

The AAI Engineering team is aware of these vulnerabilities and is actively working on a resolution for all affected components.

Please check this document for updates, as we will be updating it as more information becomes available.

Additional Information

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20441