Spring Framework Vulnerability: CVE-2022-22965

NXLog is aware of the "Spring4Shell" vulnerability that was reported by VMware last week and the resulting CVE-2022-22965. This is a Remote Code Execution (RCE) vulnerability impacting Spring Framework when it runs with Apache Tomcat as the servlet container on Java version 9 and higher.

The NXLog Manager product uses the Spring Framework, though we use Jetty as our servlet container and only support Java version 7 and Java version 8 currently.
We are not impacted or affected by this vulnerability.

Please feel free to contact support if there are any additional questions.

References:
https://tanzu.vmware.com/security/cve-2022-22965
https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965
