search cancel

Spring4Shell ZERO-day exploit CVE-2022-22963 and CVE-2022-22965 vulnerability for CA Service Virtualization

book

Article ID: 238521

calendar_today

Updated On:

Products

Service Virtualization

Issue/Introduction

Two CVE’s for New Spring4Shell Zero-Day Vulnerability:

- CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression

https://tanzu.vmware.com/security/cve-2022-22963

 - CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+

https://tanzu.vmware.com/security/cve-2022-22965

 

Is CA Service Virtualization impacted by this vulnerability?

Cause

N/A

Environment

All supported DevTest versions and platforms.

Resolution

CA Service Virtualization is NOT impacted by this vulnerability.

For more information, please review this link -https://knowledge.broadcom.com/external/article?articleId=238439