Java Apm Agent - Spring4Shell

Amar_Sharma · April 4, 2022, 9:03am

Hi Team ,

We are using APM Agent 1.28.1. We would like to know if this version is impacted by Spring Framework RCE vulnerability [CVE-2022-22965] - https://tanzu.vmware.com/security/cve-2022-22965

Eyal_Koren · April 4, 2022, 9:38am

Hi and welcome to our forum.

The Java agent doesn't use nor is shipped with any Spring dependency, so this vulnerability is related to your application dependencies, rather than the agent version.

Regardless, it is advisable to upgrade to 1.28.4 or higher, with regards to the Log4Shell vulnerability.

Amar_Sharma · April 4, 2022, 9:59am

Thank you @Eyal_Koren

system · April 25, 2022, 5:59am

This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
CVE-2021-45105 and CVE-2020-9488 vulnerabilities with java apm agent 1.28.4 APM java	4	1626	February 9, 2022
Elastic-apm-agent-1.33.0.jar flagged by security scan APM java	5	451	March 24, 2023
CVE-2020-9488 vulnerabilities with java apm agent 1.34.1 APM java	2	1746	December 7, 2022
Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 Security Announcements	7	347721	November 4, 2022
APM Java agent v1.27.0+ instrumention errors on modulepath APM java	5	734	January 25, 2022

Java Apm Agent - Spring4Shell

Related topics