Environment
- EDR Server: All Versions
- EDR Sensor: All Versions
Question
Is the EDR Sensor vulnerable to CVE-2022-22965 (Spring4Shell)?
Answer
No, this vulnerability does not affect any VMware EDR products.
Additional Notes
- Fixes and workarounds suggested: Upgrade to Spring Framework 5.3.18 and 5.2.20 in the next release.
- Additional URL discussing issue: