VMware patches Spring4Shell RCE vulnerability across a wide range of products
VMware has published the list of its products affected by Spring4Shell in a security advisory it has just released. For products that are not yet patched, VMware also provides a temporary fix.
Users should follow the security guidance now, because Spring4Shell is being actively exploited by hackers.
Spring4Shell is a remote code execution (RCE) vulnerability tracked as CVE-2022-22965. It resides in the Spring Core Java framework, can be exploited without authentication, and has a severity rating of 9.8 out of 10.
Since Spring Framework is widely deployed for Java application development, security analysts are concerned about large-scale attacks targeting the Spring4Shell vulnerability.
Worse still, a proof-of-concept (PoC) exploit was shared on GitHub before the patches were released. Although it was immediately removed, the exploit has since been shared all over the internet.
This critical vulnerability affects Spring MVC and Spring WebFlux applications running on JDK 9+. Exploitation requires the application to run on Tomcat as a WAR deployment, although the exact limitations are still under investigation.
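
An added example, not from the original article or from VMware: a triage script that checks a constructed application inventory against the conditions stated above (Spring MVC or WebFlux, JDK 9+, Tomcat, WAR). The inventory field names and the status labels are assumptions made for illustration.

```python
import re

def java_major(version: str) -> int:
    """Return the Java feature release from a java.version string.

    Handles the legacy scheme ("1.8.0_322" -> 8) and the JDK 9+ scheme
    ("9", "11.0.14.1", "17.0.2+8", "18-ea" -> 9, 11, 17, 18).
    """
    m = re.match(r"(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Java version: {version!r}")
    first = int(m.group(1))
    if first == 1 and m.group(2) is not None:
        return int(m.group(2))  # legacy "1.x" numbering used up to Java 8
    return first

def triage(app: dict) -> str:
    """Classify one inventory record against the conditions in the article."""
    spring_web = app["framework"].lower() in {"spring-mvc", "spring-webflux"}
    if not spring_web or java_major(app["java_version"]) < 9:
        return "conditions-not-met"
    if app["container"].lower() == "tomcat" and app["packaging"].lower() == "war":
        return "matches-reported-exploit-path"
    # The exact limitations are still under investigation, so other
    # JDK 9+ deployments are flagged for patching rather than cleared.
    return "patch-anyway"

# Constructed sample inventory (hypothetical names and field layout).
INVENTORY = [
    {"name": "billing", "framework": "spring-mvc",
     "java_version": "11.0.14.1", "container": "tomcat", "packaging": "war"},
    {"name": "legacy-hr", "framework": "spring-mvc",
     "java_version": "1.8.0_322", "container": "tomcat", "packaging": "war"},
    {"name": "orders", "framework": "spring-webflux",
     "java_version": "17.0.2+8", "container": "netty", "packaging": "jar"},
    {"name": "batch", "framework": "spring-batch",
     "java_version": "17.0.2", "container": "none", "packaging": "jar"},
]

def report(inventory):
    """Map each application name to its triage status."""
    return {app["name"]: triage(app) for app in inventory}

if __name__ == "__main__":
    for name, status in report(INVENTORY).items():
        print(f"{name:10} {status}")
```
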
Below are the affected VMware products:
- VMware Tanzu Application Service for VMs - versions 2.10 to 2.13.
- VMware Tanzu Operations Manager - versions 2.8 to 2.9.
- VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) - versions 1.11 to 1.13.
If you are running any of the product versions listed above, update immediately to ensure that all vulnerabilities are fixed.