Solved: CVE-2022-22963 and CVE-2022-22965

hd94 · ‎04-08-2022

On March 31, 2022 a pair of significant vulnerabilities were identified in the Java Spring Framework which would allow an attacker to execute malicious code.

CVE-2022-22963 - https://tanzu.vmware.com/security/cve-2022-22963
CVE-2022-22965 - https://tanzu.vmware.com/security/cve-2022-22965

It is critical for all of our vendors to determine if their software is impacted so that remediation steps can be taken. We need your company to respond to the following questions immediately:

Is your product impacted by CVE-2022-22963 or CVE-2022-22965?
Is your product built on Java?
Does your product depend on the Spring Cloud Function project? If so, what version?
Does your product depend on Spring Framework? If so, what version?
Does the product require JDK 9 or higher?
Does the product have a dependency on spring-webmvc?
Does the product have a dependency on spring-webflux?

richie · ‎04-11-2022

Hey @hd94,

I dont think any of the forum members will be able to answer your questions.

So! I think your best bet would be to raise a support ticket (youll need the productid key from a ReadyAPI license to submit the request) about this and let Smartbear get back to you on this.

Sorry cant be of more help,

Cheers,

Rich

if this helped answer the post, could you please mark it as 'solved'? Also if you consider whether the title of your post is relevant? Perhaps if the post is solved, it might make sense to update the Subject header field of the post to something more descriptive? This will help people when searching for problems. Ta

CVE-2022-22963 and CVE-2022-22965

CVE-2022-22963 and CVE-2022-22965

Error getting response; java.net.SocketTimeoutExce...

java.net.SocketTimeoutException: Read timed out

For graphql variables, data from the Grid, get ser...

"Update Definition" blanks out parameters in assoc...

smartbear testrunner. run array of test cases