ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Spring Vulnerabilities: CVE-2022-22963 CVE-2022-22965 - CA 2E

book

Article ID: 238528

calendar_today

Updated On:

Products

CA 2E

Issue/Introduction

Two CVE’s for New Spring4Shell Zero-Day Vulnerability:

- CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression

https://tanzu.vmware.com/security/cve-2022-22963

 - CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+

https://tanzu.vmware.com/security/cve-2022-22965

Environment

All Supported Versions

Resolution

CA 2E does not use Spring and is not affected by Spring4Shell ZERO-day exploit CVE-2022-22963 and CVE-2022-22965