Spring Framework Vulnerability: CVE-2022-22965

NXLog is aware of the "Spring4Shell" vulnerability that was reported by VMWare last week and the resulting CVE-2022-22965. This vulnerability is a Remote Code Execution (RCE) type vulnerabiltiy impacting Spring Framework while running Apache Tomcat as the servlet container while running on Java version 9 and higher.

The NXLog Manager product uses the Spring Framework, though we use Jetty as our servlet container and only support Java version 7 and Java version 8 currently.
We are not impacted or affected by this vulnerability.

Please feel free to contact support if there are any additional questions.


Share this post