Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965)
03-31-2022 08:38 AM
This 0-day is out:
Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965)
Spring Framework RCE, Early Announcement
Is this a threat/vulnerability for us and any action to take?
Edit: Would ServiceNow instance or MID server be impacted?
- Labels: Vulnerability Response
03-31-2022 08:49 AM
Can you clarify who the "we" is in this? I apologize, but your question feels a little out of place, and it seems you should look into your vulnerability scanners and make sure they are up to date to identify this vulnerability.
03-31-2022 09:45 AM
Is ServiceNow or MID servers affected? Asking for a friend.
03-31-2022 10:58 AM
As far as I understand, Java versions 9 or higher are impacted.
You can check which version your instance is running with:
https://[instance-name].service-now.com/xmlstats.do
Search for "system.java.version"
03-31-2022 02:20 PM
Our instance version is "1.8.0_275-snc1". Is this version affected?