ID 1090501439
Created Mar 31, 2022
Updated Mar 31, 2022
Outbreak Alert Spring4Shell Vulnerability
Severity dark-circle dark-circle dark-circle dark-circle dark-circle
Default Action pass
Active switch-on-logo
Affected OS Windows, Linux, MacOS
Affected App Other

Legend

Enabled/Available switch-on-logo
Disabled/Not Available switch-off-logo

Update History

Date Version Detail
2022-03-31 0.00317

Threat Encyclopedia

Spring.Framework.SerializationUtils.Insecure.Deserialization

description-logoDescription

This indicates an attack attempt to exploit an Insecure Deserialization in Spring Framework.
The vulnerability is due to insufficient validation of user supplied inputs. Successful exploitation could result in remote code execution.

affected-products-logoAffected Products

Spring Framework 5.3.0 to 5.3.17
5.2.0 to 5.2.19
Older, unsupported versions are also affected

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://tanzu.vmware.com/security/cve-2022-22965

CVE References

CVE-2022-22965