Spring4Shell zero-day exploit: CVE-2022-22963 and CVE-2022-22965 vulnerabilities for CA Client Automation

Article ID: 238518

Updated On:

Products

- CA Client Automation
- CA Client Automation - Asset Intelligence
- CA Client Automation - Asset Management
- CA Client Automation - Desktop Migration Manager
- CA Client Automation - Patch Manager
- CA Client Automation - Remote Control
- CA Client Automation - Software Delivery

Issue/Introduction

Two CVEs for the new Spring4Shell zero-day vulnerability:

- CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression

  https://tanzu.vmware.com/security/cve-2022-22963

- CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+

  https://tanzu.vmware.com/security/cve-2022-22965

Is CA Client Automation impacted by this vulnerability?

Resolution

The Broadcom Agile Operations CA Client Automation Development team is investigating, and an update will be made available on April 4th.


This advisory will be updated as we identify and publish solutions.