Spring Framework Vulnerability: CVE-2022-22965
NXLog is aware of the "Spring4Shell" vulnerability that was reported by VMware last week and the resulting CVE-2022-22965. This is a Remote Code Execution (RCE) vulnerability impacting Spring Framework when it runs on Apache Tomcat as the servlet container on Java version 9 and higher.
The NXLog Manager product uses the Spring Framework, though we use Jetty as our servlet container and only support Java version 7 and Java version 8 currently.
We are not impacted or affected by this vulnerability.
Please feel free to contact support if there are any additional questions.
References:
https://tanzu.vmware.com/security/cve-2022-22965
https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965