CVE-2022-22950 : Spring Framework Denial of Service (DoS) Vulnerability - is UIM impacted?

Article ID: 244132

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

CVE-2022-22950 : Spring Framework Denial of Service (DoS) Vulnerability

In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

Is UIM impacted by this vulnerability?

Resolution

UIM is not impacted by this vulnerability. Triggering it requires an attacker to supply a specially crafted SpEL expression that the application then evaluates. UIM does not accept or evaluate user-supplied SpEL expressions, so there is no input path through which a user can reach the vulnerable code.
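The conclusion above rests on reachability (no user input ever reaches a SpEL parser), not on which Spring Framework release is bundled, while vulnerability scanners match purely on jar version. To reconcile a scanner finding with this KB it helps to know which Spring jars are actually present under an installation. The script below is an added example and not part of this KB or of the UIM product; it assumes the installation root is passed as its first argument (the `/opt/nimsoft` default is a placeholder, not taken from the KB), that the fixed releases are Spring Framework 5.3.17 and, for the 5.2.x line, 5.2.20 (published in the Spring advisory, not stated in this KB), and that `unzip` is available to read each jar's manifest.

```shell
#!/bin/sh
# Added example (not from the Broadcom KB or the UIM product): inventory
# spring-*.jar files under a directory and flag versions inside the range
# CVE-2022-22950 applies to (5.3.0 - 5.3.16, 5.2.0 - 5.2.19, older lines).
# Assumptions: fixed releases are 5.3.17 and 5.2.20; install root in $1.

# Numeric field N of a dotted version, suffix such as ".RELEASE" dropped.
ver_field() {
    printf '%s\n' "$1" | cut -d. -f"$2" | sed 's/[^0-9].*//'
}

# Return 0 if version $1 is older than version $2 (compares major.minor.patch).
# Pure POSIX sh so it does not rely on GNU `sort -V`.
version_lt() {
    i=1
    while [ "$i" -le 3 ]; do
        x=$(ver_field "$1" "$i"); y=$(ver_field "$2" "$i")
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1
}

# Return 0 if Spring Framework version $1 falls in the affected range.
spring_affected() {
    case "$1" in
        5.2.*) version_lt "$1" 5.2.20 ;;   # 5.2 line fixed in 5.2.20 (assumption, see lead-in)
        *)     version_lt "$1" 5.3.17 ;;   # 5.3 line fixed in 5.3.17; anything older is unsupported
    esac
}

# Fallback when a jar carries no manifest version: take it from the file name,
# e.g. spring-core-5.3.16.jar -> 5.3.16, spring-web-5.2.19.RELEASE.jar -> 5.2.19.RELEASE
version_from_jarname() {
    basename "$1" .jar | sed 's/.*-\([0-9][0-9.]*[^-]*\)$/\1/'
}

# Manifest Implementation-Version if present, otherwise the file-name version.
jar_version() {
    v=$(unzip -p "$1" META-INF/MANIFEST.MF 2>/dev/null | tr -d '\r' \
        | sed -n 's/^Implementation-Version: *//p' | head -n 1)
    if [ -z "$v" ]; then v=$(version_from_jarname "$1"); fi
    printf '%s\n' "$v"
}

# Walk the tree and print one tab-separated line per Spring jar found.
scan_spring_jars() {
    find "$1" -type f -name 'spring-*.jar' 2>/dev/null | while read -r jar; do
        ver=$(jar_version "$jar")
        if spring_affected "$ver"; then status=AFFECTED-RANGE; else status=fixed; fi
        printf '%s\t%s\t%s\n' "$status" "$ver" "$jar"
    done
}

# Usage: sh scan_spring.sh /path/to/uim   (placeholder default: /opt/nimsoft)
if [ "$#" -gt 0 ]; then
    scan_spring_jars "$1"
fi
```

A jar reported as AFFECTED-RANGE only tells you the bundled version matches the CVE's version range; per this KB that jar is still not exploitable in UIM because no user-controlled SpEL expression is evaluated. The output is what you attach to the scanner ticket alongside this article.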

Additional Information

changelog:

6/17/2022 10:49am ET - initial article creation

11/3/2022 12:08pm ET - updated KB with details on why UIM is not impacted