Checkmk is not affected by Spring4Shell (CVE-2022-22965)

Problem

Spring4Shell is a critical vulnerability. CVE-2022-22965 in Spring – the open-source Java framework. Using the vulnerability, an attacker can execute arbitrary code on a remote web server, which makes CVE-2022-22965 a critical threat, given the Spring framework’s popularity.

Solution

Checkmk is aware of the vulnerability and has completed verification that this issue does not affect Checkmk itself and the Checkmk appliance, as we are not using the spring framework in our products. 

Related articles

• Page:
  Troubleshooting CVE-Check CVE-2021-44228 Log4j is crashing on Windows
• Page:
  Checkmk is not affected by Spring4Shell (CVE-2022-22965)
• Page:
  Checkmk is not affected by Log4j (CVE-2021-44228)
• Page:
  Checkmk is not affected by Dirty Pipe Exploit (CVE-2022-0847)
• Page:
  Considerations before running the agent as an unprivileged user