
Spring4Shell ZERO-day exploit CVE-2022-22963 and CVE-2022-22965 vulnerability for DX Operational Intelligence (DX OI)


Article ID: 238525


Updated On:


DX OI SaaS DX Operational Intelligence


Two CVEs for the new Spring4Shell zero-day vulnerability:

- CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression

- CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+


Is DX Operational Intelligence (DX OI) impacted by this vulnerability?


DX Operational Intelligence (DX OI)

21.3.1, 21.3.1 HF1, SaaS


DX Operational Intelligence (DX OI) is vulnerable to the new Spring4Shell vulnerabilities. We have identified the affected components and releases, and we have updated our SaaS environment with the required fixes. For on-prem customers, a hotfix has been released. Please refer to the link below for complete installation instructions.