Hi Team ,
We are using APM Agent 1.28.1. We would like to know if this version is impacted by Spring Framework RCE vulnerability [CVE-2022-22965] - https://tanzu.vmware.com/security/cve-2022-22965
Hi Team ,
We are using APM Agent 1.28.1. We would like to know if this version is impacted by Spring Framework RCE vulnerability [CVE-2022-22965] - https://tanzu.vmware.com/security/cve-2022-22965
Hi and welcome to our forum.
The Java agent doesn't use nor is shipped with any Spring dependency, so this vulnerability is related to your application dependencies, rather than the agent version.
Regardless, it is advisable to upgrade to 1.28.4 or higher, with regards to the Log4Shell vulnerability.
Thank you @Eyal_Koren
This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.