Spring4Shell zero-day exploit: CVE-2022-22963 and CVE-2022-22965 vulnerabilities for CA Test Data Manager

Article ID: 238522

Updated On:

Products

CA Test Data Manager (Data Finder / Grid Tools)

Issue/Introduction

Two CVEs for the new Spring4Shell zero-day vulnerability:

- CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression

https://tanzu.vmware.com/security/cve-2022-22963

- CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+

https://tanzu.vmware.com/security/cve-2022-22965

Is CA Test Data Manager impacted by this vulnerability?

Resolution

The Broadcom Agile Operations CA Test Data Manager Development team is investigating, and an update will be made available on April 4th.

This advisory will be updated as we identify and publish solutions.