EDR: Is Sensor Vulnerable to CVE-2022-22965 (Spring4Shell)?

Article ID: 291974

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Is the EDR Sensor vulnerable to CVE-2022-22965 (Spring4Shell)?

Environment

  • EDR Server: All Versions
  • EDR Sensor: All Versions

Resolution

No, this vulnerability does not affect any VMware EDR products.

Additional Information

  • The following URL will contain product-specific guidance if any further information becomes available: https://community.carbonblack.com/t5/Threat-Research/ct-p/threat-research
  • The Spring engineering team has a detailed blog post that is being regularly updated with the latest information about the threat: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
  • Fixes and workarounds suggested: Upgrade to Spring Framework 5.3.18 and 5.2.20 in the next release.
  • Additional URL discussing the issue: https://tanzu.vmware.com/security/cve-2022-22965