VMware Response to CVE-2022-42889: Apache Commons Text vulnerability
Article ID: 323212
Products
VMware
Issue/Introduction
On October 13th, 2022, the Apache Commons Text team disclosed CVE-2022-42889, a potentially critical vulnerability which could result in remote code execution if Apache Commons Text is configured to consume untrusted input and other conditions are met.
The VMware Security Response Center (vSRC) has been working with our various product engineering teams in an attempt to determine if any VMware products that ship with Apache Commons Text are vulnerable to exploitation via CVE-2022-42889.
Resolution
Investigations have concluded. No VMware products have been found to be impacted by CVE-2022-42889 in a way that would allow for meaningful exploitation of the vulnerability. Regardless, VMware products that consume Apache Commons Text will update the package as a precautionary measure in future releases.