Is Control-M impacted by SpringShell/Spring4Shell/CVE-2022-22965 / CVE-2022-22963?
Is there a mitigation/fix/hotfix for the SpringShell/Spring4Shell/CVE-2022-22965 for Control-M ?
A detailed description of the Spring4Shell vulnerability can be found here: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
BMC has released the following Security Advisory about Spring4Shell. https://community.bmc.com/s/news/aA33n000000TXoRCAW/bmc-advisory-details-for-cve202222965-spring4shell-vulnerability
This Security Advisory will be updated regularly as additional information is available.
Last updated: April 18, 2022.
For Helix Control-M products, please refer to article 000395657
The following product has been found to contain the Spring4Shell (CVE-2022-22965) vulnerability:
- Control-M Application Pack version 9.0.20
CVE-2022-22963All supported versions of all Control-M and Control-D products are not impacted by the CVE-2022-22963 vulnerability.