@SwitHak
Last active April 23, 2022 14:10
BlueTeam CheatSheet | Spring4Shell | Last updated: 2022-04-16 17:22 UTC

Security advisories / bulletins / vendor responses linked to Spring4Shell (CVE-2022-22965)

Errors, typos, something to say?

  • If you want to add a link, comment below or send it to me
  • Feel free to report any mistake directly below in the comments or by DM on Twitter @SwitHak

Other great resources

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

0-9

A

Acronis : https://kb.acronis.com/fr/node/70402

Acunetix : https://www.acunetix.com/blog/web-security-zone/critical-alert-spring4shell-rce-cve-2022-22965-in-spring/

Addigy : https://addigy.com/blog/spring4shell-statement/

Aerospike : https://discuss.aerospike.com/t/cve-2022-22965-spring4shell-rce-analysis/9310

AppDynamics : https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability

Appian : https://community.appian.com/support/w/kb/2626/kb-2209-information-about-the-spring4shell-security-vulnerability-cve-2022-22965

Armory : https://www.armory.io/blog/cve-2022-22965-spring-rce-which-does-not-impact-spinnaker/

Arctic Wolf : https://arcticwolf.com/resources/blog/spring4shell

Aruba : https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-006.txt

Atlassian

Generic : https://community.developer.atlassian.com/t/attention-cve-2022-22965-spring-framework-rce-investigation/57172

Shibboleth : https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1265631499/ReleaseNotes#4.1.6-(March-31,-2022)

Audi MSI : https://status.msi.audi.com/

Avaya : https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399847128146

B

Barracuda : https://blog.barracuda.com/2022/04/04/spring-framework-and-spring-cloud-function-vulnerabilities-what-you-need-to-know/

Bentley : https://communities.bentley.com/products/projectwise/f/projectwise-di-forum/227933/zero-day-vulnerability-discovered-in-java-spring-framework-aka-spring4shell-similar-to-log4shell-does-this-affect-projectwise-in-any-capacity/705672#705672

BigFix : https://forum.bigfix.com/t/spring-framework-rce-vulnerability-current-bigfix-actions/41216

Bitnami : https://docs.bitnami.com/azure/security/security-2022-03-31/

BluePrism : https://community.blueprism.com/communities/community-home/digestviewer/viewthread?GroupId=145&MessageKey=689f5600-1b0d-4a4b-a391-dbca90b86ede

Blueriq : https://www.blueriq.com/actueel/maatregelen-cve22950-22963-22965

BMC : https://bmcsites.force.com/casemgmt/sc_KnowledgeArticle?sfdcid=000395541

Broadcom

CA : https://knowledge.broadcom.com/external/article?articleId=238270

CA App : https://knowledge.broadcom.com/external/article/238526/spring4shell-zeroday-exploit-cve20222296.html

C

Camunda : https://forum.camunda.org/t/spring-remote-code-execution-rce-vulnerability-spring4shell/33848

Canon Printing : https://cpp.canon/spring4shell-vulnerability/

CheckPoint : https://blog.checkpoint.com/2022/04/05/16-of-organizations-worldwide-impacted-by-spring4shell-zero-day-vulnerability-exploitation-attempts-since-outbreak/

Cisco Talos : https://blog.talosintelligence.com/2022/03/threat-advisory-spring4shell.html

Cisco

GENERIC : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67

AST : https://bst.cisco.com/quickview/bug/CSCwb43658

Claris : https://support.claris.com/s/article/Claris-FileMaker-products-and-the-Spring4Shell-vulnerability?language=en_US

Cloud Foundry Foundation : https://www.cloudfoundry.org/blog/cve-2022-22965-uaa-affected-by-spring-framework-rce-via-data-binding-on-jdk-9/

CloudSign : https://www.cloudsign.jp/info/20220401_information/

CM.com : https://www.cm.com/blog/cmcom-response-to-zero-day-in-spring-core-framework/

Commvault : https://documentation.commvault.com/v11/essential/146231_security_vulnerability_and_reporting.html#cv2022041-spring-framework

ContrastSecurity : https://support.contrastsecurity.com/hc/en-us/articles/5202764027796#h_01FQ01JSF19SZ3BBDZ5PTZX5MC

CyberRes : https://community.microfocus.com/cyberres/b/sws-22/posts/summary-of-cyberres-impact-from-spring4shell

D

Datto : https://www.datto.com/blog/dattos-response-to-spring4shell

Debian : https://security-tracker.debian.org/tracker/CVE-2022-22965

DELL : https://www.dell.com/support/kbdoc/fr-fr/000198134/vplex-vs2-vplex-vs6-false-positive-security-vulnerabilities-springshell

DHIS2 : https://community.dhis2.org/t/dhis2-patch-release-2-35-13-is-now-available-security-hotfix/46791

DynaTrace : https://www.dynatrace.com/news/security-alert/spring-framework-rce-springshell-cve-2022-22965/

E

Egnyte : https://helpdesk.egnyte.com/hc/en-us/articles/5291471550093-Spring4Shell-Zero-Day-Vulnerability-CVE-2022-22965-Update

Enovation : https://enovationgroup.com/nl/nieuws/spring4shell-vulnerability-cve-2022-22965/

ESRI : https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/spring-framework-rce-vulnerabilities/

ESET : https://forum.eset.com/topic/31966-spring4shell-rce-vulnerability-cve-2022-22965-eset-protect-webconsole-component/

EU E-ID : https://joinup.ec.europa.eu/collection/e-government-innovation-center-egiz/solution/moa-id/news/status-moa-id-spring4shell-cve-2022-22965

Extensis : https://help.extensis.com/hc/en-us/articles/5102289148955-Portfolio-and-Spring4Shell-Vulnerabilities

ExtremeNetworks : https://extremeportal.force.com/ExtrArticleDetail?an=000103717

F

F5 Networks : https://support.f5.com/csp/article/K11510688

Flexera : https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/Spring4Shell-CVE-2022-22963-amp-CVE-2022-22950-impact-on-FlexNet/ta-p/229892/jump-to/first-unread-message

Foreman : https://community.theforeman.org/t/is-cve-2022-22965-an-issue-for-foreman/28001

ForgeRock : https://backstage.forgerock.com/knowledge/kb/article/a21709600

Fortinet : https://www.fortiguard.com/psirt/FG-IR-22-072

G

GE (Look for ID 000022074) : https://digitalsupport.ge.com/en_US/Alert/GE-Security-Advisories

Geoserver : https://geoserver.org/announcements/vulnerability/2022/04/01/spring.html

GitLab : https://about.gitlab.com/blog/2022/04/07/updates-regarding-spring-rce-vulnerabilities/

GraphDB : https://www.ontotext.com/blog/graphdb-and-cve-2022-22965-aka-spring4shell/

H

HAProxy : https://www.haproxy.com/fr/blog/april-2022-cve-2022-22965-spring4shell-remote-code-execution-mitigation/

HCL : https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097763

HitachiVantara : https://knowledge.hitachivantara.com/Security/%22Spring4Shell%22_-_RCE_Vulnerability_in_Spring_Framework_(CVE_2022-22965)

Hyperproof : https://hyperproof.io/resource/spring4shell/

I

IFS : https://community.ifs.com/framework-experience-infrastructure-cloud-integration-dev-tools-50/spring4shell-cve-2022-22965-20324

Intercom : https://www.intercomstatus.com/incidents/7p27hqny602p

Intershop : https://support.intershop.com/sws/

Invicti : https://www.invicti.com/blog/web-security/understanding-your-spring-4-shell-risk/

J

Jamf : https://community.jamf.com/t5/jamf-pro/spring4shell-vulnerability/td-p/262584

Jaspersoft : https://community.jaspersoft.com/wiki/java-spring-framework-vulnerability-update-jaspersoft-products

Jenkins : https://www.jenkins.io/blog/2022/03/31/spring-rce-CVE-2022-22965/

Jetbrains : https://youtrack.jetbrains.com/issue/TW-75604

JFROG : https://jfrog.com/blog/springshell-zero-day-vulnerability-all-you-need-to-know/

K

KeePass : https://sourceforge.net/p/keepass/discussion/329220/thread/5234c16452/?limit=25

Kofax : https://knowledge.kofax.com/General_Support/General_Troubleshooting/Kofax_products_and_Spring4Shell_vulnerability_information

Konica Minolta : https://www.konicaminolta.fr/fr-fr/news/bulletin-de-securite-faille-critique-spring-4-shell

L

LandData : https://www.landdata.de/neuigkeiten/sicherheitsluecke-spring4shell

LanSweeper : https://www.lansweeper.com/forum/yaf_postst21117_Spring4Shell-and-Lansweeper.aspx#post67257

LaserFiche : https://support.laserfiche.com/kb/1014369/spring-framework-vulnerabilities-cve-2022-22965-cve-2022-22963-cve-2022-22947

Liveperson : https://knowledge.liveperson.com/whats-new/spring4shell-a-java-spring-framework-remote-code-execution-vulnerability/

M

ManageEngine : https://pitstop.manageengine.com/portal/en/community/topic/spring4shell-rce-vulnerability-cve-2022-22965-all-you-need-to-know

Microfocus : https://www.microfocus.com/en-us/about/product-security-response-center/cve-2022-22965-vulnerability

Microsoft : https://www.microsoft.com/security/blog/2022/04/04/springshell-rce-vulnerability-guidance-for-protecting-against-and-detecting-cve-2022-22965/

MicroStrategy : https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-the-Spring-Framework-Remote-Code-Execution-Vulnerability?language=en_US

N

Netapp : https://security.netapp.com/advisory/ntap-20220331-0011/

Nexus : https://doc.nexusgroup.com/display/PUB/Spring4Shell+Vulnerability

Nuspire : https://www.nuspire.com/blog/spring4shell-zero-day-attack-what-you-need-to-know/

NXLOG : https://nxlog.co/news/spring-framework-vulnerability-cve-2022-22965

O

ObjectifLune : https://learn.objectiflune.com/blog/security/statement-on-spring-mvc-webflux-vulnerability-cve-2022-22965/

Objective : https://www.objective.com.au/resources/blog-ongoing-investigation-into-springshell-vulnerability-and-mitigation-actions-for-objective-products

Okta : https://sec.okta.com/articles/2022/04/oktas-response-cve-2022-22965-spring4shell

OneSPAN : https://www.onespan.com/support/security/psirt/advisories-responses/vulnerabilities-java-spring-framework-component-onespan-products

OpenNMS : https://www.opennms.com/en/blog/2022-04-01-opennms-springshell/

OpenSearch : opensearch-project/OpenSearch#2699

Optimal Systems : https://help.optimal-systems.com/rw/en/index.html

Oracle : https://community.oracle.com/mosc/discussion/4516594/two-vulnerabilities-discovered-in-spring-java-libraries-cve-2022-22963-and-spring4shell

Origina : https://www.origina.com/blog/spring4shell-vulnerability-update-april-8-2022

OxygenXML : https://www.oxygenxml.com/security/advisory/CVE-2022-22965.html

P

PaloAlto Networks : https://security.paloaltonetworks.com/CVE-2022-22963

Precisely : https://customer.precisely.com/s/article/Precisely-Software-Spring4Shell?language=en_US

Progress : https://knowledgebase.progress.com/articles/Article/Is-iMacros-Vulnerable-to-CVE-2022-22965-Spring4Shell

PulseSecure : https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB45126/?kA13Z000000L3sW

PTC : https://www.ptc.com/en/support/article/cs366379?language=en&posno=1&q=CVE-2022-22965&source=search

Q

Qlik : https://community.qlik.com/t5/Support-Updates-Blog/Qlik-s-Response-to-March-2022-Spring-Framework-Vulnerabilities/ba-p/1913992

R

Raytion : https://www.raytion.com/cve-2022-22965-communication.html

RedHat : https://access.redhat.com/security/cve/CVE-2022-22965

Ricoh : https://www.ricoh-europe.com/news-events/news/notice-of-the-potential-impact-of-cve-2022-22963-and-spring4shell-vulnerability-cve-2022-22965-on-ricoh-products-and-services/

RSA SecurID : https://community.securid.com/t5/general-security-advisories-and/rsa-customer-advisory-spring-framework-spring4shell/ta-p/675246

S

SAGE : https://www.sagecity.com/fr/sage-xrt-solutions/f/sage-xrt-solutions-annonces-informations-et-alertes/183601/faille-spring4shell-vulnerabilite-critique-dans-le-framework-spring

SailPoint : https://community.sailpoint.com/t5/Community-Announcements/Spring-Framework-RCE-vulnerability-Spring4Shell-CVE-2022-22965/ba-p/212914

Salesforce : https://status.salesforce.com/generalmessages/884

SAP : https://userapps.support.sap.com/sap/support/knowledge/mimes/call.htm?number=3171058

ServiceNow : https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1116003

SolarWinds : https://www.solarwinds.com/trust-center/security-advisories/spring4shell

SonarSource : https://community.sonarsource.com/t/sonarqube-sonarcloud-and-spring4shell/60926

SonaType : https://blog.sonatype.com/new-0-day-spring-framework-vulnerability-confirmed

SonicWall : https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005

Sophos : https://www.sophos.com/en-us/security-advisories/sophos-sa-20220401-spring-rce

SOTI : https://discussions.soti.net/thread/spring4shell

Spring : https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

SUSE : https://www.suse.com/security/cve/CVE-2022-22965.html

T

TIBCO : https://www.tibco.com/support/notices/spring-framework-vulnerability-update

Tomsawyer : https://www.tomsawyer.com/spring4shell-security-vulnerability

Trend Micro : https://success.trendmicro.com/dcx/s/solution/000290773?language=en_US

Trustwave : https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trustwaves-action-response-cve-2022-22965-and-cve-2022-22963/

U

Ubuntu : https://ubuntu.com/security/CVE-2022-22965

UI : https://community.ui.com/releases/Statement-Regarding-Spring-CVE-2022-22965-2022-22950-and-2022-22963-001/19b2dc6f-4c36-436e-bd38-59ea0d6f1cb5

Unidata : https://www.unidata.ucar.edu/blogs/news/entry/upgrade-tds-5-to-latest

V

Veritas : https://www.veritas.com/content/support/en_US/article.100052799

Vertigis : https://support.vertigis.com/hc/fr/articles/4909747208082-Informations-sur-la-vuln%C3%A9rabilit%C3%A9-Spring4Shell-CVE-2022-22965

VISMA : https://community.visma.com/t5/Driftinformation/Information-om-sarbarheten-kand-som-Spring4Shell/td-p/488563

VMware

TANZU : https://tanzu.vmware.com/security/cve-2022-22965

Blockchain : https://kb.vmware.com/s/article/88203

W

Wowza : https://www.wowza.com/community/t/spring-framework-cve-2022-22963-and-2022-22965/94781

X

XM Cyber : https://www.xmcyber.com/blog/xm-cyber-advisory-spring4shell-zero-day/

Y

Z

Zimbra : https://blog.zimbra.com/2022/04/security-update-zimbra-not-vulnerable-to-recent-openssl-and-spring-rce-vulnerabilities/

ZorgTTP : https://www.zorgttp.nl/spring4shell-kwetsbaarheid-geen-impact-op-zorgttp-dienstverlening/
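Added triage check, not part of this cheatsheet or of any vendor advisory listed above: a Python inventory that walks deployed jar/war/ear files, matches Spring Framework artifacts by their Maven file names and flags versions below 5.3.18 / 5.2.20, the fix levels stated in the Spring advisory linked under S above (and echoed in the Shibboleth note in the comments). Version is only one of the advisory's preconditions (JDK 9+, Tomcat, WAR packaging, spring-webmvc or spring-webflux on the classpath), so a hit means "patch and verify", not "exploitable". The sample tree it scans is constructed in a temporary directory; file-name matching is an assumption that jars keep their upstream names, so shaded or renamed jars need a manifest or class-level check, or the vendor entries above.

```python
"""Inventory Spring Framework jars in deployed archives and flag versions below
the CVE-2022-22965 fix levels (Spring Framework 5.3.18 / 5.2.20)."""
import os
import re
import tempfile
import zipfile

# First fixed release on each supported line at disclosure time.
FIXED_VERSIONS = {(5, 3): (5, 3, 18), (5, 2): (5, 2, 20)}

# The vulnerable data binder ships in spring-beans; the known exploitation path
# runs through spring-webmvc / spring-webflux, so those artifacts are tracked.
SPRING_JAR_RE = re.compile(
    r"(?P<artifact>spring-(?:beans|core|context|webmvc|webflux))-"
    r"(?P<version>\d+\.\d+\.\d+)(?:[.-][\w.]+)?\.jar$"
)


def parse_version(text):
    """'5.3.17' or '5.2.19.RELEASE' -> (5, 3, 17) / (5, 2, 19); else None."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(x) for x in m.groups()) if m else None


def is_vulnerable_version(version):
    """True when the release predates the CVE-2022-22965 fix on its line.
    Lines older than 5.2 were end-of-life and never received a fix; anything
    newer than 5.3 did not exist at disclosure and carries the fix."""
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is not None:
        return version < fixed
    return version < (5, 2, 0)


def scan_archive(path):
    """Return [(location, artifact, version, vulnerable)] for Spring jars found
    inside a jar/war/ear, e.g. under WEB-INF/lib of a WAR (the packaging the
    Spring advisory lists among the exploit preconditions)."""
    findings = []
    with zipfile.ZipFile(path) as zf:
        for entry in zf.namelist():
            m = SPRING_JAR_RE.search(os.path.basename(entry))
            if not m:
                continue
            version = parse_version(m.group("version"))
            findings.append((f"{path}!{entry}", m.group("artifact"), version,
                             is_vulnerable_version(version)))
    return findings


def scan_tree(root):
    """Scan every archive under root: match standalone Spring jars by file name
    and look inside every jar/war/ear for nested Spring jars."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fname in sorted(files):
            full = os.path.join(dirpath, fname)
            m = SPRING_JAR_RE.search(fname)
            if m:
                version = parse_version(m.group("version"))
                findings.append((full, m.group("artifact"), version,
                                 is_vulnerable_version(version)))
            if fname.endswith((".jar", ".war", ".ear")) and zipfile.is_zipfile(full):
                findings.extend(scan_archive(full))
    return findings


def build_sample_tree(directory):
    """Constructed sample data (not from any real deployment): a WAR bundling
    Spring 5.3.17 plus a standalone, already patched spring-core 5.3.18 jar."""
    war_path = os.path.join(directory, "demo.war")
    with zipfile.ZipFile(war_path, "w") as war:
        for jar in ("spring-beans-5.3.17.jar", "spring-webmvc-5.3.17.jar",
                    "jackson-databind-2.13.2.jar"):
            war.writestr(f"WEB-INF/lib/{jar}", b"")  # contents are irrelevant here
    lib = os.path.join(directory, "lib")
    os.makedirs(lib, exist_ok=True)
    open(os.path.join(lib, "spring-core-5.3.18.jar"), "wb").close()
    return directory


def demo_findings():
    """Build the constructed sample tree in a temp dir and scan it."""
    return scan_tree(build_sample_tree(tempfile.mkdtemp()))


def report(findings):
    """One line per finding, vulnerable ones first."""
    lines = []
    for location, artifact, version, vulnerable in sorted(findings, key=lambda f: not f[3]):
        status = "VULNERABLE" if vulnerable else "ok        "
        lines.append(f"{status} {artifact} {'.'.join(map(str, version))}  {location}")
    return lines


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else None
    print("\n".join(report(scan_tree(target) if target else demo_findings())))
```

Run it with a deployment root (for example a Tomcat webapps directory) as the single argument; without an argument it scans the constructed sample and reports the two 5.3.17 jars inside the WAR as vulnerable and the 5.3.18 jar as ok. Spring Boot fat jars nest their dependencies under BOOT-INF/lib, which the same entry-name match covers.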

bynt commented Apr 11, 2022

https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1265631499/ReleaseNotes#4.1.6-(March-31,-2022)

-> Seems this link is more generic: https://community.developer.atlassian.com/t/attention-cve-2022-22965-spring-framework-rce-investigation/57172 What is different from yours? Thanks, S.H.

This is for the SSO solution Shibboleth (Identity Provider). They did not manage to make the PoC work on this product, but decided to publish an update including Spring Framework 5.3.18 anyway.
