search cancel

Spring4Shell ZERO-day exploit CVE-2022-22963 and CVE-2022-22965 vulnerability for CA Workload Automation DE (dSeries)


Article ID: 238516


Updated On:


DSERIES- SERVER CA Workload Automation DE - System Agent (dSeries) CA Workload Automation DE - Scheduler (dSeries) CA Workload Automation DE - Business Agents (dSeries)


Two CVE’s for New Spring4Shell Zero-Day Vulnerability:

- CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression

 - CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+


Is CA Workload Automation DE (dSeries) impacted by this vulnerability?


 1. ESP dSeries (WA DE) Product team analyzed the following vulnerabilities and it is not impacted  





2.  Workload Automation Agents do not use Spring Framework, and are not impacted by this vulnerabilities.