Return
-
Title
Impact of CVE-2022-22965 SpringShell/Spring4Shell vulnerability -
Description
A critical vulnerability was recently discovered related to systems/software that run the Spring Framework. More information about this vulnerability can be found here:https://www.veracode.com/blog/security-news/spring-framework-remote-code-execution-cve-2022-22965 -
Cause
This is an industry-wide vulnerability affecting SpringShell/Spring4Shell itself and is not specific to Change Auditor. -
Resolution
Change Auditor does not use Spring, therefore is not affected by CVE-2022-22965.NOTE: If you are licensed for and use Threat Detection, it is also not affected by this vulnerability. TD does use an older version of Spring (4.2.8) and Java JDK8, however, as per the description of the vulnerability, JDK9+ is a requirement for this CVE.