VMware Release Security Updates To Fix Spring4Shell RCE Flaw

Share post:

VMware has released security updates to fix the critical remote code execution (RCE) flaw known as Spring4Shell.

The bug affects several of the company’s cloud computing and virtualisation products.

The bug, which is tracked as CVE-2022-22965, was found in the Spring Core Java framework and can be exploited without authentication.

The vulnerability has a severity of 9.8 out of 10. This means that it could be used by any malicious actor to gain access to vulnerable applications.

It can then be used to execute arbitrary commands and take complete control of a target system.

Affected products include VMware Tanzu Application Service for VMs (versions 2.10 to 2.13), VMware Tanzu Operations Manager (versions 2.8 to 2.9), and VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) versions 1.11 to 1.13.

Security updates are available for the first two products that cover multiple release branches with point releases, but a permanent fix for VMware Tanzu Kubernetes Grid Integrated Edition is still in the works.

For products without a permanent solution, VMware has provided a workaround that allows users to bypass the bug.

For more, read the original story in BleepingComputer.

SUBSCRIBE NOW

Related articles

Starlink’s evolution making it less “TCP/IP friendly”

The rapid evolution of Starlink's satellite internet presents significant challenges for traditional Transmission Control Protocol (TCP), according to...

Google does the unthinkable – reportedly erasing a 125 billion dollar pension fund

It's reported that Google inadvertently erased the Google Cloud account of UniSuper, an Australian pension fund valued at...

Microsoft’s AI success may spell defeat for it’s climate goals

Microsoft's ambitious strides in AI technology are now posing a significant challenge to its own climate goals, as...

OpenAI’s Chief Scientist Ilya Sutskever Departs Company

Ilya Sutskever, co-founder and chief scientist of OpenAI, has officially announced his departure from the company. This move...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways