Spring Vulnerabilities: CVE-2022-22963 CVE-2022-22965 and Rally
search cancel

Spring Vulnerabilities: CVE-2022-22963 CVE-2022-22965 and Rally

book

Article ID: 238515

calendar_today

Updated On:

Products

Rally On-Premise Rally SaaS Rally Perpetual Hosted

Issue/Introduction

Two CVE’s for New Spring4Shell Zero-Day Vulnerability:

- CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression

https://tanzu.vmware.com/security/cve-2022-22963

 - CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+

https://tanzu.vmware.com/security/cve-2022-22965

 

Is Rally impacted by this vulnerability?

Resolution

Rally SaaS

The Rally SaaS product is not affected by this vulnerability.

 

Rally On-premise

The Rally on-premise product is not affected by this vulnerability.

 

Rally Adapter for Jira

The Rally Adapter for Jira product is not affected by this vulnerability.

 

Additional Information

aka SpringShell

Powered by Wolken Software