Hi Team ,
We are using APM Agent 1.28.1. We would like to know if this version is impacted by Spring Framework RCE vulnerability [CVE-2022-22965] - https://tanzu.vmware.com/security/cve-2022-22965
Hi and welcome to our forum.
The Java agent doesn't use nor is shipped with any Spring dependency, so this vulnerability is related to your application dependencies, rather than the agent version.
Regardless, it is advisable to upgrade to 1.28.4 or higher, with regards to the Log4Shell vulnerability.
1 Like
This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.