VMware Release Security Updates To Fix Spring4Shell RCE Flaw

Share post:

VMware has released security updates to fix the critical remote code execution (RCE) flaw known as Spring4Shell.

The bug affects several of the company’s cloud computing and virtualisation products.

The bug, which is tracked as CVE-2022-22965, was found in the Spring Core Java framework and can be exploited without authentication.

The vulnerability has a severity of 9.8 out of 10. This means that it could be used by any malicious actor to gain access to vulnerable applications.

It can then be used to execute arbitrary commands and take complete control of a target system.

Affected products include VMware Tanzu Application Service for VMs (versions 2.10 to 2.13), VMware Tanzu Operations Manager (versions 2.8 to 2.9), and VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) versions 1.11 to 1.13.

Security updates are available for the first two products that cover multiple release branches with point releases, but a permanent fix for VMware Tanzu Kubernetes Grid Integrated Edition is still in the works.

For products without a permanent solution, VMware has provided a workaround that allows users to bypass the bug.

For more, read the original story in BleepingComputer.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Canada, U.S. sign international guidelines for safe AI development

Eighteen countries, including Canada, the U.S. and the U.K., today agreed on recommended guidelines to developers in their nations for the secure design, development, deployment, and operation of artificial intelligent systems. It’s the latest in a series of voluntary guardrails that nations are urging their public and private sectors to follow for overseeing AI in

Is OpenAI’s Q* Artificial General Intelligence?

OpenAI's latest model, Q* (pronounced Q Star), is raising eyebrows in the AI community as a potential milestone...

OpenAI’s Q* model: Was an AGI breakthrough the impetus for the management crisis?

There are reports that a new model from OpenAI's, Q* (pronounced Q Star), is capable of solving basic...

Microsoft employees angered by plans to hire OpenAI staff

The announcement by Microsoft's CTO, Kevin Scott, about hiring hundreds of OpenAI employees and matching their current compensation...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways