Java Apm Agent - Spring4Shell

Hi Team ,

We are using APM Agent 1.28.1. We would like to know if this version is impacted by Spring Framework RCE vulnerability [CVE-2022-22965] - https://tanzu.vmware.com/security/cve-2022-22965

Hi and welcome to our forum.

The Java agent doesn't use nor is shipped with any Spring dependency, so this vulnerability is related to your application dependencies, rather than the agent version.

Regardless, it is advisable to upgrade to 1.28.4 or higher, with regards to the Log4Shell vulnerability.

1 Like

Thank you @Eyal_Koren

1 Like

This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.