Search here...
SUBSCRIBE
Artificial IntelligenceCloud

VMware Release Security Updates To Fix Spring4Shell RCE Flaw

Share post:

TND Newsdesk
TND Newsdesk
Less than 1 min.

VMware has released security updates to fix the critical remote code execution (RCE) flaw known as Spring4Shell.

The bug affects several of the company’s cloud computing and virtualisation products.

The bug, which is tracked as CVE-2022-22965, was found in the Spring Core Java framework and can be exploited without authentication.

The vulnerability has a severity of 9.8 out of 10. This means that it could be used by any malicious actor to gain access to vulnerable applications.

It can then be used to execute arbitrary commands and take complete control of a target system.

Affected products include VMware Tanzu Application Service for VMs (versions 2.10 to 2.13), VMware Tanzu Operations Manager (versions 2.8 to 2.9), and VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) versions 1.11 to 1.13.

Security updates are available for the first two products that cover multiple release branches with point releases, but a permanent fix for VMware Tanzu Kubernetes Grid Integrated Edition is still in the works.

For products without a permanent solution, VMware has provided a workaround that allows users to bypass the bug.

For more, read the original story in BleepingComputer.

TND Newsdesk
TND Newsdesk

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Artificial Intelligence

Canada, U.S. sign international guidelines for safe AI development

Eighteen countries, including Canada, the U.S. and the U.K., today agreed on recommended guidelines to developers in their nations for the secure design, development, deployment, and operation of artificial intelligent systems. It’s the latest in a series of voluntary guardrails that nations are urging their public and private sectors to follow for overseeing AI in
Artificial Intelligence

Is OpenAI’s Q* Artificial General Intelligence?

OpenAI's latest model, Q* (pronounced Q Star), is raising eyebrows in the AI community as a potential milestone...
Artificial Intelligence

OpenAI’s Q* model: Was an AGI breakthrough the impetus for the management crisis?

There are reports that a new model from OpenAI's, Q* (pronounced Q Star), is capable of solving basic...
Artificial Intelligence

Microsoft employees angered by plans to hire OpenAI staff

The announcement by Microsoft's CTO, Kevin Scott, about hiring hundreds of OpenAI employees and matching their current compensation...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways

Subscribe Now

Tech News Day is a daily publication featuring key news stories about technology and how it affects businesses.

Most Popular Categoires

Tech News Delivered

New, Relevant Tech Stories. Our selection is done by industry professionals - executives like you who pick the top stories for that day. Our writers summarize them to give you the key takeaways

SUBSCRIBE NOW

© TechNewsDay