Two CVE’s for New Spring4Shell Zero-Day Vulnerability:
- CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression
- CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+
Is CA Client Automation impacted by this vulnerability?
The Broadcom Agile Operations CA Client Automation Development team is investigating, and an update will be made available April 4th.
This advisory will be updated as we identify and publish solutions.