dSeries Web Client (Web UI) 12.4 scan shows Vmware Spring: CVE-2022-22965

Article ID: 435171


Products

ESP dSeries Workload Automation

ESP dSeries Workload Automation - Scheduler (dSeries)

Issue/Introduction

A vulnerability scan of the dSeries Web Client 12.4 may report this CVE:

Vmware Spring: CVE-2022-22965: Spring Framework RCE via Data Binding

 

Environment

ESP dSeries Workload Automation: 12.4 or below

Cause

The Web Client includes an older Spring Framework version.

Resolution

The dSeries Web Client version 25.0 ships with a newer Spring Framework, version 6.1.20, which is not vulnerable.

It is recommended to upgrade the Web Client to the newer version. Note: Some features will not work if the server is on an older version. User administration will not work if the client is at 25.x and the server is at 12.4 or below.