Two CVE’s for New Spring4Shell Zero-Day Vulnerability:
- CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression
- CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+
Is CA Test Data Manager impacted by this vulnerability?
The Broadcom Agile Operations CA Test Data Manager Development team is investigating, and an update will be made available April 4th.
This advisory will be updated as we identify and publish solutions.