VMware patches RCE Spring4Shell vulnerability on a wide range of products
VMware has published a security advisory listing the products affected by Spring4Shell. For products that are not yet patched, VMware also provides a temporary workaround.
Users should follow the advisory's guidance now, because Spring4Shell is already being actively exploited by attackers.
Spring4Shell is a remote code execution (RCE) vulnerability tracked as CVE-2022-22965. It resides in the Spring Core Java framework, can be exploited without authentication, and carries a severity rating of 9.8 out of 10.
Since Spring Framework is widely deployed for Java application development, security analysts are concerned about large-scale attacks targeting the Spring4Shell vulnerability.
Worse still, a proof-of-concept (PoC) exploit was shared on GitHub before the patches were released. Although it was removed immediately, copies had already spread across the internet.
This critical vulnerability affects Spring MVC and Spring WebFlux applications running on JDK 9+. Exploitation currently requires the application to be deployed on Tomcat as a WAR, although the exact preconditions are still under investigation.
Below are the affected VMware products:
- VMware Tanzu Application Service for VMs - versions 2.10 to 2.13.
- VMware Tanzu Operations Manager - versions 2.8 to 2.9.
- VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) - versions 1.11 to 1.13.
If you are using products with the above versions, you should update immediately to ensure that all vulnerabilities are fixed.
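Where updating is not immediately possible, the stopgap most practitioners apply is a global `@ControllerAdvice` that denies request-parameter binding to `class`/`Class` property paths. The block below is an added example, not VMware's workaround from its advisory and not code from the original article; the class name is an arbitrary choice, and it assumes a Spring MVC application whose controller-local `@InitBinder` methods, if any, repeat the same patterns.

```java
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.InitBinder;

// Added example (not from the article or VMware's advisory): a global
// WebDataBinder restriction that blocks request-parameter binding to any
// "class"/"Class" property path, applied to every @Controller.
@ControllerAdvice
@Order(Ordered.LOWEST_PRECEDENCE) // ordered after other @ControllerAdvice beans
public class Spring4ShellBinderAdvice { // class name is an arbitrary choice

    // Patterns cover the path at the root ("class.*") and nested under any
    // bound property ("*.class.*"), in both casings the binder accepts.
    static final String[] DISALLOWED_FIELDS =
            {"class.*", "Class.*", "*.class.*", "*.Class.*"};

    @InitBinder
    public void restrictBinding(WebDataBinder binder) {
        // Caveat: setDisallowedFields replaces, rather than appends to, the
        // binder's list. A controller-local @InitBinder that also calls it
        // runs after this one and must include these patterns, or it
        // silently removes this guard for that controller.
        binder.setDisallowedFields(DISALLOWED_FIELDS);
    }
}
```

A disallowed path is dropped from binding and recorded as a suppressed field on the `BindingResult` rather than raising an error, so verify the guard with a request that carries such a parameter and confirm it is ignored.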