Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Environment

EDR Server: All Versions
EDR Sensor: All Versions

Question

Is the EDR Sensor vulnerable to CVE-2022-22965 (Spring4Shell)?

Answer

No, this vulnerability does not affect any VMware EDR products.

Additional Notes

Following URL will contain any product-specific guidance if any further information becomes available: https://community.carbonblack.com/t5/Threat-Research/ct-p/threat-research
The Spring engineering team has a detailed blog post that is being regularly updated with the latest information about the threat:

Spring Framework RCE, Early Announcement

Fixes and workarounds suggested: Upgrade to Spring Framework 5.3.18 and 5.2.20 in the next release.
Additional URL discussing issue:

CVE-2022-22965 | Security

Article Information

Author:

Creation Date:

‎04-11-2022

Views:

442

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.