Symantec Security Advisory - CVE-2022-22965 (Spring4Shell)
search cancel

Symantec Security Advisory - CVE-2022-22965 (Spring4Shell)


Article ID: 238591


Updated On:


ProxySG Software - SGOS Content Analysis Software Management Center Management Center - VA Reporter Reporter-VA Reporter-S500 ISG Proxy ISG Content Analysis


You would like to determine whether Symantec proxy family products are susceptible to CVE-2022-22965.

Symantec is investigating CVE-2022-22965, known as Spring4Shell, which is an RCE vulnerability in the Spring Framework. When exploited, the vulnerability allows an unauthenticated attacker to execute arbitrary code on the target system.


According to a vulnerability report released by VMware on March 31, 2022, a Spring Framework application running on Java Development Kit version 9 or later may be vulnerable to remote code execution attacks and follow-on exploitation under certain conditions. This vulnerability has been assigned CVE-2022-22965 and is known as “Spring4Shell.” 


For up-to-date information regarding how this vulnerability affects the Symantec family of products, please refer to SA 20427.