Hi,
I am looking at CVE-2022-22965 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965) and trying to find out if we are affected. We have a "regulard" ESXi (VMware ESXi, 6.7.0, 17700523 and VMware ESXi, 6.7.0, 17167734) installed on our environment. No special cloud stuff, only on prem.
We use vCenter Appliance 6.7.0.46000, and as I can see from the release notes it has Tomcat version 8.5.57. So I guess it is affected ?
What is the best way to find out if we are affected, not sure where to look, the name "Spring Framework" is not known to me. Do I need to ssh into a esxi host/vcenter, and check some hashes for example ?
Thanks for any guide.
/R
Andy
Hi Andy,
please check the VMware Security Advisory for your products here: https://www.vmware.com/security/advisories.html
Regarding CVE-2022-22965 you can see, that the Spring Framework is only used in VMware Tanz products: https://www.vmware.com/security/advisories/VMSA-2022-0010.html
So you should not be affected.
Regards
Daniel
Hi Andy,
please check the VMware Security Advisory for your products here: https://www.vmware.com/security/advisories.html
Regarding CVE-2022-22965 you can see, that the Spring Framework is only used in VMware Tanz products: https://www.vmware.com/security/advisories/VMSA-2022-0010.html
So you should not be affected.
Regards
Daniel