Checkmk is not affected by Spring4Shell (CVE-2022-22965)

Owned by Former user (Deleted)
Last updated: Sept 19, 2024 by Matthew Hierholzer
1 min read

A newly revealed vulnerability impacting Spring MVC or Spring WebFlux application running on JDK 9+ and registered as CVE-2022-22965 with the highest severity rating.

LAST TESTED ON CHECKMK 2.0P15

Table of Contents

Problem

Spring4Shell is a critical vulnerability. CVE-2022-22965 in Spring – the open-source Java framework. Using the vulnerability, an attacker can execute arbitrary code on a remote web server, which makes CVE-2022-22965 a critical threat, given the Spring framework’s popularity.

Solution

Checkmk is aware of the vulnerability and has completed verification that this issue does not affect Checkmk itself and the Checkmk appliance, as we are not using the spring framework in our products.