Two CVE’s for New Spring4Shell Zero-Day Vulnerability:
- CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression
- CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+
Is CA Workload Automation DE (dSeries) impacted by this vulnerability?
1. ESP dSeries (WA DE) Product team analyzed the following vulnerabilities and it is not impacted
2. Workload Automation Agents do not use Spring Framework, and are not impacted by this vulnerabilities.