
Spring Vulnerabilities: CVE-2022-22963 CVE-2022-22965 and Rally


Article ID: 238515


Products

CA Agile Central On Premise (Rally) CA Agile Central SaaS (Rally) Rally Perpetual Hosted

Issue/Introduction

Two CVEs have been published in connection with the new Spring4Shell zero-day vulnerability:

- CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression

https://tanzu.vmware.com/security/cve-2022-22963

- CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+

https://tanzu.vmware.com/security/cve-2022-22965

 

Is Rally impacted by this vulnerability?

Resolution

Rally SaaS

The Rally SaaS product is not affected by this vulnerability.

 

Rally On-premise

The Rally on-premise product is not affected by this vulnerability.

 

Rally Adapter for Jira

The Rally Adapter for Jira product is not affected by this vulnerability.

 

Additional Information

Spring4Shell is also known as SpringShell.