The Now Platform® Washington DC release is live. Watch now!

Help
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965)

Jeff Boltz1
Kilo Guru

This 0-day is out:  

Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965)

Spring Framework RCE, Early Announcement

Is this a threat/vulnerability for us and any action to take?

 

Edit:  Would ServiceNow instance or MID server be impacted?

5 REPLIES 5

Michael297
Tera Contributor

Can you clarify who the we is in this? I apologize but your questions feels a little out of place, and it seems you should look into your vulnerability scanners and make sure they are up to date to identify this vulnerability.

Is ServiceNow or MID servers affected?  Asking for a friend.

Martin Drenth
Tera Contributor

As far as I understand Java versions 9 or higher is impacted.

You can check which version your instance is running with:

https://[instance-name].service-now.com/xmlstats.do

Search for "system.java.version"

Our instance version is "1.8.0_275-snc1". Is this version affected?