Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 8.13.20, 8.20.8, 8.22.2
Affects Version/s: 8.13.19, 8.20.7, 8.22.1
Component/s: Security
Labels:
None

Introduced in Version:
8.13
Symptom Severity:
Severity 1 - Critical

The prescribed mitigation for the Spring Framework RCE (CVE-2022-22965) is to upgrade Tomcat.

Reference: https://spring.io/blog/2022/04/01/spring-framework-rce-mitigation-alternative

Yesterday we [Spring] announced a Spring Framework RCE vulnerability CVE-2022-22965, listing Apache Tomcat as one of several preconditions. The Apache Tomcat team has since released versions 10.0.20, 9.0.62, and 8.5.78 all of which close the attack vector on Tomcat’s side.

relates to

JSWSERVER-21350 Tracking Resolution of Issue Described in FAQ for CVE-2022-22965

Closed

JPOSERVER-4353 Upgrade an external library to fix the vulnerability CVE-2022-22965

Closed

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...

(1 mentioned in)

Assignee:: Karol Skwierawski
Reporter:: Daniel R
Votes:: 0 Vote for this issue
Watchers:: 4 Start watching this issue

Created:: 04/May/2022 7:27 PM
Updated:: 30/Jan/2023 9:21 PM
Resolved:: 04/May/2022 7:34 PM