VMware patches RCE Spring4Shell vulnerability on a wide range of products
VMware has published the list of products affected by Spring4Shell in a security advisory it has just released. For products that are not yet patched, VMware also provides a temporary workaround.
Users should follow the advisory's guidance now, because Spring4Shell is being actively exploited by attackers.
Spring4Shell is a remote code execution (RCE) vulnerability tracked as CVE-2022-22965. It resides in the Spring Core Java framework, can be exploited without authentication, and carries a severity rating of 9.8 out of 10.
Because the Spring Framework is widely used for Java application development, security analysts are concerned about large-scale attacks targeting the Spring4Shell vulnerability.
Worse still, a proof-of-concept (PoC) exploit was shared on GitHub before the patches were released. Although it was removed almost immediately, copies had already spread across the internet.
This critical vulnerability affects Spring MVC and Spring WebFlux applications running on JDK 9+. Exploitation requires the application to run on Tomcat as a WAR deployment, although the exact preconditions are still under investigation.
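To turn the preconditions above into a repeatable inventory check, here is an added example (not from the article or from VMware) that inspects a deployed WAR for Spring MVC/WebFlux and spring-beans jars and combines that with the running JDK version. The first patched Spring Framework releases, 5.2.20 and 5.3.18, are taken from the upstream fix announcement and are not stated on this page; the sample WAR is constructed in memory.

```python
# Added example (not from the article or VMware): triage a deployed Spring WAR for
# CVE-2022-22965 exposure using the preconditions the article lists (Spring MVC or
# WebFlux, JDK 9+, WAR on Tomcat). Fixed Spring Framework releases 5.2.20 and 5.3.18
# are assumed from the upstream fix announcement; the page does not state them.
import io
import re
import zipfile

FIXED = {(5, 2): (5, 2, 20), (5, 3): (5, 3, 18)}  # first patched release per branch
JAR_RE = re.compile(r"WEB-INF/lib/(spring-(?:beans|webmvc|webflux))-(\d+)\.(\d+)\.(\d+)[^/]*\.jar$")

def spring_jars(war_bytes):
    """Map each bundled Spring jar of interest to its (major, minor, patch) version."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for name in war.namelist():
            m = JAR_RE.match(name)
            if m:
                found[m.group(1)] = tuple(int(x) for x in m.group(2, 3, 4))
    return found

def beans_is_vulnerable(version):
    """spring-beans below the fix on its branch is unpatched; 6.x never shipped the bug."""
    branch = version[:2]
    if branch not in FIXED:
        return version < (5, 2, 0)  # unsupported older lines received no fix
    return version < FIXED[branch]

def triage(war_bytes, jdk_major):
    """Return (verdict, reasons): an empty reasons list means every precondition holds."""
    jars = spring_jars(war_bytes)
    reasons = []
    if jdk_major < 9:
        reasons.append("JDK %d is below the JDK 9+ requirement" % jdk_major)
    if not (set(jars) & {"spring-webmvc", "spring-webflux"}):
        reasons.append("no Spring MVC/WebFlux jar in WEB-INF/lib")
    beans = jars.get("spring-beans")
    if beans is None:
        reasons.append("no spring-beans jar found")
    elif not beans_is_vulnerable(beans):
        reasons.append("spring-beans %d.%d.%d already carries the fix" % beans)
    verdict = "patch or apply workaround" if not reasons else "not exposed by these checks"
    return verdict, reasons

def build_sample_war(spring_version):
    """Constructed sample WAR holding only the jar names Tomcat would see (no real classes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        for artifact in ("spring-webmvc", "spring-beans"):
            war.writestr("WEB-INF/lib/%s-%s.jar" % (artifact, spring_version), b"")
    return buf.getvalue()
```

Run `triage(open("app.war", "rb").read(), 11)` against a real WAR; an empty reasons list means all of the article's preconditions hold and the deployment should be patched or given the workaround first.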
Below are the affected VMware products:
- VMware Tanzu Application Service for VMs - versions 2.10 to 2.13.
- VMware Tanzu Operations Manager - versions 2.8 to 2.9.
- VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) - versions 1.11 to 1.13.
If you are running any of the product versions listed above, you should update immediately to ensure the vulnerability is fixed.