Reset Search



KB45117 - CVE-2022-22963: Spring4Shell RCE Vulnerability

« Go Back


Last Modified Date4/4/2022 3:23 PM
Problem or Goal

A vulnerability has been reported on the 31st of March 2022 under

Description - In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.


Ivanti Pulse Secure has completed this investigation.
ProductNot Affected
Pulse Secure Virtual Traffic ManagerNot Affected
Pulse Secure Services DirectorNot Affected
Pulse Secure Web Application FirewallNot Affected
Pulse Connect SecureNot Affected
Ivanti Connect Secure (ICS)Not Affected
Pulse Policy SecureNot Affected
Pulse Desktop ClientNot Affected
Pulse Mobile ClientNot Affected
Pulse OneNot Affected
Pulse ZTANot Affected
Ivanti Neurons for ZTANot Affected
Ivanti Neurons for secure AccessNot Affected
Related Links
Attachment 1 
Created BySterling Parker



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255