Reset Search
 

 

Article

KB45117 - CVE-2022-22963: Spring4Shell RCE Vulnerability

« Go Back

Information

 
Last Modified Date4/4/2022 3:23 PM
Synopsis
Problem or Goal

A vulnerability has been reported on the 31st of March 2022 under https://tanzu.vmware.com/security/cve-2022-22963

Description - In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

Cause

Ivanti Pulse Secure has completed this investigation.
 
ProductNot Affected
Pulse Secure Virtual Traffic ManagerNot Affected
Pulse Secure Services DirectorNot Affected
Pulse Secure Web Application FirewallNot Affected
Pulse Connect SecureNot Affected
Ivanti Connect Secure (ICS)Not Affected
Pulse Policy SecureNot Affected
Pulse Desktop ClientNot Affected
Pulse Mobile ClientNot Affected
Pulse OneNot Affected
Pulse ZTANot Affected
Ivanti Neurons for ZTANot Affected
Ivanti Neurons for secure AccessNot Affected
Solution
Related Links
Attachment 1 
Created BySterling Parker

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255