Is Control-M impacted by SpringShell/Spring4Shell/CVE-2022-22965 / CVE-2022-22963?
Is there a mitigation/fix/hotfix for the SpringShell/Spring4Shell/CVE-2022-22965 for Control-M ?
A detailed description of the Spring4Shell vulnerability can be found here: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
BMC has released the following Security Advisory about Spring4Shell. https://community.bmc.com/s/news/aA33n000000TXoRCAW/bmc-advisory-details-for-cve202222965-spring4shell-vulnerability
This Security Advisory will be updated regularly as additional information is available.
Last updated: September 27, 2022
For Helix Control-M products, refer to article 000395657
- Control-M Application Pack version 9.0.20 has been found to contain the Spring4Shell (CVE-2022-22965) vulnerability.
CVE-2022-22963All supported versions of all Control-M and Control-D products are not impacted by the CVE-2022-22963 vulnerability.