Two CVEs for New Spring4Shell Zero-Day Vulnerability:
- CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression
https://tanzu.vmware.com/security/cve-2022-22963
- CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+
https://tanzu.vmware.com/security/cve-2022-22965
Is CA Client Automation impacted by this vulnerability?
The Broadcom Agile Operations CA Client Automation Development team is investigating, and an update will be made available April 4th.
This advisory will be updated as we identify and publish solutions.