Knowledge Base

Access official resources from Carbon Black experts

Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Environment

EDR Server: All Versions
EDR Sensor: All Versions

Question

Is the EDR Sensor vulnerable to CVE-2022-22965 (Spring4Shell)?

Answer

No, this vulnerability does not affect any VMware EDR products.

Additional Notes

Following URL will contain any product-specific guidance if any further information becomes available: https://community.carbonblack.com/t5/Threat-Research/ct-p/threat-research
The Spring engineering team has a detailed blog post that is being regularly updated with the latest information about the threat:

Spring Framework RCE, Early Announcement

Fixes and workarounds suggested: Upgrade to Spring Framework 5.3.18 and 5.2.20 in the next release.
Additional URL discussing issue:

CVE-2022-22965 | Security

Article Information

Author:

Creation Date:

‎04-11-2022

Views:

307