Security Advisories / Bulletins / Vendor Responses linked to Spring4Shell (CVE-2022-22965)
- If you want to add a link, comment or send it to me
- Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak
Acronis : https://kb.acronis.com/fr/node/70402
Acunetix : https://www.acunetix.com/blog/web-security-zone/critical-alert-spring4shell-rce-cve-2022-22965-in-spring/
AppDynamics : https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability
Appian : https://community.appian.com/support/w/kb/2626/kb-2209-information-about-the-spring4shell-security-vulnerability-cve-2022-22965
Arctic Wolf : https://arcticwolf.com/resources/blog/spring4shell
Generic : https://community.developer.atlassian.com/t/attention-cve-2022-22965-spring-framework-rce-investigation/57172
Shibboleth : https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1265631499/ReleaseNotes#4.1.6-(March-31,-2022)
Audi MSI : https://status.msi.audi.com/
Barracuda : https://blog.barracuda.com/2022/04/04/spring-framework-and-spring-cloud-function-vulnerabilities-what-you-need-to-know/
Bentley : https://communities.bentley.com/products/projectwise/f/projectwise-di-forum/227933/zero-day-vulnerability-discovered-in-java-spring-framework-aka-spring4shell-similar-to-log4shell-does-this-affect-projectwise-in-any-capacity/705672#705672
BluePrism : https://community.blueprism.com/communities/community-home/digestviewer/viewthread?GroupId=145&MessageKey=689f5600-1b0d-4a4b-a391-dbca90b86ede
CA App : https://knowledge.broadcom.com/external/article/238526/spring4shell-zeroday-exploit-cve20222296.html
CAMUNDA : https://forum.camunda.org/t/spring-remote-code-execution-rce-vulnerability-spring4shell/33848
Canon Printing : https://cpp.canon/spring4shell-vulnerability/
CheckPoint : https://blog.checkpoint.com/2022/04/05/16-of-organizations-worldwide-impacted-by-spring4shell-zero-day-vulnerability-exploitation-attempts-since-outbreak/
GENERIC : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67
Claris : https://support.claris.com/s/article/Claris-FileMaker-products-and-the-Spring4Shell-vulnerability?language=en_US
Cloud Foundry Foundation : https://www.cloudfoundry.org/blog/cve-2022-22965-uaa-affected-by-spring-framework-rce-via-data-binding-on-jdk-9/
Commvault : https://documentation.commvault.com/v11/essential/146231_security_vulnerability_and_reporting.html#cv2022041-spring-framework
ContrastSecurity : https://support.contrastsecurity.com/hc/en-us/articles/5202764027796#h_01FQ01JSF19SZ3BBDZ5PTZX5MC
CyberRes : https://community.microfocus.com/cyberres/b/sws-22/posts/summary-of-cyberres-impact-from-spring4shell
DELL : https://www.dell.com/support/kbdoc/fr-fr/000198134/vplex-vs2-vplex-vs6-false-positive-security-vulnerabilities-springshell
DHIS2 : https://community.dhis2.org/t/dhis2-patch-release-2-35-13-is-now-available-security-hotfix/46791
DynaTrace : https://www.dynatrace.com/news/security-alert/spring-framework-rce-springshell-cve-2022-22965/
Egnyte : https://helpdesk.egnyte.com/hc/en-us/articles/5291471550093-Spring4Shell-Zero-Day-Vulnerability-CVE-2022-22965-Update
ESRI : https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/spring-framework-rce-vulnerabilities/
ESET : https://forum.eset.com/topic/31966-spring4shell-rce-vulnerability-cve-2022-22965-eset-protect-webconsole-component/
EU E-ID : https://joinup.ec.europa.eu/collection/e-government-innovation-center-egiz/solution/moa-id/news/status-moa-id-spring4shell-cve-2022-22965
Extensis : https://help.extensis.com/hc/en-us/articles/5102289148955-Portfolio-and-Spring4Shell-Vulnerabilities
ExtremeNetworks : https://extremeportal.force.com/ExtrArticleDetail?an=000103717
F5 Networks : https://support.f5.com/csp/article/K11510688
Flexera : https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/Spring4Shell-CVE-2022-22963-amp-CVE-2022-22950-impact-on-FlexNet/ta-p/229892/jump-to/first-unread-message
GE (Look for ID 000022074) : https://digitalsupport.ge.com/en_US/Alert/GE-Security-Advisories
HAProxy : https://www.haproxy.com/fr/blog/april-2022-cve-2022-22965-spring4shell-remote-code-execution-mitigation/
HitachiVantara : https://knowledge.hitachivantara.com/Security/%22Spring4Shell%22_-_RCE_Vulnerability_in_Spring_Framework_(CVE_2022-22965)
Hyperproof : https://hyperproof.io/resource/spring4shell/
IFS : https://community.ifs.com/framework-experience-infrastructure-cloud-integration-dev-tools-50/spring4shell-cve-2022-22965-20324
Intershop : https://support.intershop.com/sws/
Jaspersoft : https://community.jaspersoft.com/wiki/java-spring-framework-vulnerability-update-jaspersoft-products
Jetbrains : https://youtrack.jetbrains.com/issue/TW-75604
Kofax : https://knowledge.kofax.com/General_Support/General_Troubleshooting/Kofax_products_and_Spring4Shell_vulnerability_information
Konica Minolta : https://www.konicaminolta.fr/fr-fr/news/bulletin-de-securite-faille-critique-spring-4-shell
LanSweeper : https://www.lansweeper.com/forum/yaf_postst21117_Spring4Shell-and-Lansweeper.aspx#post67257
LaserFiche : https://support.laserfiche.com/kb/1014369/spring-framework-vulnerabilities-cve-2022-22965-cve-2022-22963-cve-2022-22947
Liveperson : https://knowledge.liveperson.com/whats-new/spring4shell-a-java-spring-framework-remote-code-execution-vulnerability/
ManageEngine : https://pitstop.manageengine.com/portal/en/community/topic/spring4shell-rce-vulnerability-cve-2022-22965-all-you-need-to-know
Microfocus : https://www.microfocus.com/en-us/about/product-security-response-center/cve-2022-22965-vulnerability
Microsoft : https://www.microsoft.com/security/blog/2022/04/04/springshell-rce-vulnerability-guidance-for-protecting-against-and-detecting-cve-2022-22965/
MicroStrategy : https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-the-Spring-Framework-Remote-Code-Execution-Vulnerability?language=en_US
ObjectifLune : https://learn.objectiflune.com/blog/security/statement-on-spring-mvc-webflux-vulnerability-cve-2022-22965/
Objective : https://www.objective.com.au/resources/blog-ongoing-investigation-into-springshell-vulnerability-and-mitigation-actions-for-objective-products
OneSPAN : https://www.onespan.com/support/security/psirt/advisories-responses/vulnerabilities-java-spring-framework-component-onespan-products
OpenSearch : opensearch-project/OpenSearch#2699
Optimal Systems : https://help.optimal-systems.com/rw/en/index.html
Oracle : https://community.oracle.com/mosc/discussion/4516594/two-vulnerabilities-discovered-in-spring-java-libraries-cve-2022-22963-and-spring4shell
PaloAlto Networks : https://security.paloaltonetworks.com/CVE-2022-22963
Progress : https://knowledgebase.progress.com/articles/Article/Is-iMacros-Vulnerable-to-CVE-2022-22965-Spring4Shell
PTC : https://www.ptc.com/en/support/article/cs366379?language=en&posno=1&q=CVE-2022-22965&source=search
Qlik : https://community.qlik.com/t5/Support-Updates-Blog/Qlik-s-Response-to-March-2022-Spring-Framework-Vulnerabilities/ba-p/1913992
Ricoh : https://www.ricoh-europe.com/news-events/news/notice-of-the-potential-impact-of-cve-2022-22963-and-spring4shell-vulnerability-cve-2022-22965-on-ricoh-products-and-services/
RSA SecurID : https://community.securid.com/t5/general-security-advisories-and/rsa-customer-advisory-spring-framework-spring4shell/ta-p/675246
SAGE : https://www.sagecity.com/fr/sage-xrt-solutions/f/sage-xrt-solutions-annonces-informations-et-alertes/183601/faille-spring4shell-vulnerabilite-critique-dans-le-framework-spring
SailPoint : https://community.sailpoint.com/t5/Community-Announcements/Spring-Framework-RCE-vulnerability-Spring4Shell-CVE-2022-22965/ba-p/212914
Salesforce : https://status.salesforce.com/generalmessages/884
Trustwave : https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trustwaves-action-response-cve-2022-22965-and-cve-2022-22963/
UI : https://community.ui.com/releases/Statement-Regarding-Spring-CVE-2022-22965-2022-22950-and-2022-22963-001/19b2dc6f-4c36-436e-bd38-59ea0d6f1cb5
Vertigis : https://support.vertigis.com/hc/fr/articles/4909747208082-Informations-sur-la-vuln%C3%A9rabilit%C3%A9-Spring4Shell-CVE-2022-22965
VISMA : https://community.visma.com/t5/Driftinformation/Information-om-sarbarheten-kand-som-Spring4Shell/td-p/488563
Blockchain : https://kb.vmware.com/s/article/88203
Zimbra : https://blog.zimbra.com/2022/04/security-update-zimbra-not-vulnerable-to-recent-openssl-and-spring-rce-vulnerabilities/
This is for the SSO solution Shibboleth (Identity Provider). They did not manage to make the PoC work on this product, but decided to publish an update including Spring Framework 5.3.18 anyway.