Threat Defense for Active Directory and Spring4Shell vulnerability CVE-2022-22965

Article ID: 240506

Products

Endpoint Threat Defense for Active Directory

Issue/Introduction

Researchers have found a 0-day vulnerability (dubbed Spring4Shell and SpringShell, CVE-2022-22965) in the Spring Core Java framework that allows unauthenticated remote code execution.

Cause

This RCE 0-day vulnerability exists in Spring Core when it runs on JDK version 9.0 or later. It allows an unauthenticated attacker to execute arbitrary code on the target system. The Spring Framework is a popular Java platform that provides comprehensive infrastructure support for developing Java applications.

Resolution

Broadcom has released product version 3.6.2.6 to address this vulnerability. The update can be downloaded from the Broadcom Support portal.