Is Control-M impacted by SpringShell/Spring4Shell/CVE-2022-22965 / CVE-2022-22963? Is there a mitigation/fix/hotfix for the SpringShell/Spring4Shell/CVE-2022-22965 for Control-M ? A detailed description of the Spring4Shell vulnerability can be found here: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement BMC has released the following Security Advisory about Spring4Shell. https://community.bmc.com/s/news/aA33n000000TXoRCAW/bmc-advisory-details-for-cve202222965-spring4shell-vulnerability This Security Advisory will be updated regularly as additional information is available. |
Last updated: September 27, 2022 For Helix Control-M products, refer to article 000395657 CVE-2022-22965 (Spring4Shell)- Control-M Application Pack version 9.0.20 has been found to contain the Spring4Shell (CVE-2022-22965) vulnerability. CVE-2022-22963All supported versions of all Control-M and Control-D products are not impacted by the CVE-2022-22963 vulnerability. |