Symantec Security Advisory - CVE-2022-22965 (Spring4Shell)

Article ID: 238591

Updated On:

Products

ProxySG Software - SGOS, Content Analysis Software, Management Center, Management Center - VA, Reporter, Reporter-VA, Reporter-S500, ISG Proxy, ISG Content Analysis

Issue/Introduction

You would like to determine whether Symantec proxy family products are susceptible to CVE-2022-22965.

Symantec is investigating CVE-2022-22965, known as Spring4Shell, which is an RCE vulnerability in the Spring Framework. When exploited, the vulnerability allows an unauthenticated attacker to execute arbitrary code on the target system.

Cause

According to a vulnerability report released by VMware on March 31, 2022, a Spring Framework application running on Java Development Kit version 9 or later may be vulnerable to remote code execution attacks and follow-on exploitation under certain conditions. This vulnerability has been assigned CVE-2022-22965 and is known as “Spring4Shell.” 

Resolution

For up-to-date information regarding how this vulnerability affects the Symantec family of products, please refer to SA 20427.