Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 13 Next »

A newly revealed vulnerability impacting Spring MVC or Spring WebFlux application running on JDK 9+ and registered as CVE-2022-22965 with the highest severity rating.

LAST TESTED ON CHECKMK 2.2.0P1

Problem

Spring4Shell is a critical vulnerability. CVE-2022-22965 in Spring – the open-source Java framework. Using the vulnerability, an attacker can execute arbitrary code on a remote web server, which makes CVE-2022-22965 a critical threat, given the Spring framework’s popularity.

Solution

Checkmk is aware of the vulnerability and has completed verification that this issue does not affect Checkmk itself and the Checkmk appliance, as we are not using the spring framework in our products. 

  • No labels