VMware Cloud Community
Andywesh2
Contributor
Contributor
‎04-18-2022 11:40 PM
Jump to solution

CVE-2022-22965

Hi,

 

I am looking at CVE-2022-22965 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965) and trying to find out if we are affected. We have a "regulard" ESXi (VMware ESXi, 6.7.0, 17700523 and VMware ESXi, 6.7.0, 17167734) installed on our environment. No special cloud stuff, only on prem. 

We use vCenter Appliance 6.7.0.46000, and as I can see from the release notes it has Tomcat version 8.5.57. So I guess it is affected ?

What is the best way to find out if we are affected, not sure where to look, the name "Spring Framework" is not known to me. Do I need to ssh into a esxi host/vcenter, and check some hashes for example ?

 

Thanks for any guide.

/R

Andy

0 Kudos
1 Solution

Accepted Solutions
stadi13
Hot Shot
Hot Shot
‎04-19-2022 07:43 AM
Jump to solution

Hi Andy,

please check the VMware Security Advisory for your products here: https://www.vmware.com/security/advisories.html

Regarding CVE-2022-22965 you can see, that the Spring Framework is only used in VMware Tanz products: https://www.vmware.com/security/advisories/VMSA-2022-0010.html

So you should not be affected.

Regards

Daniel

View solution in original post

1 Reply
stadi13
Hot Shot
Hot Shot
‎04-19-2022 07:43 AM
Jump to solution

Hi Andy,

please check the VMware Security Advisory for your products here: https://www.vmware.com/security/advisories.html

Regarding CVE-2022-22965 you can see, that the Spring Framework is only used in VMware Tanz products: https://www.vmware.com/security/advisories/VMSA-2022-0010.html

So you should not be affected.

Regards

Daniel