Skip to content

Latest commit

 

History

History
313 lines (311 loc) · 39.9 KB

README.md

File metadata and controls

313 lines (311 loc) · 39.9 KB

Overview of software (un)affected by vulnerability

This page contains an overview of software (un)affected by the Spring4shell vulnerabilities. NCSC-NL and partners are attempting to maintain a list of all known vulnerable and not vulnerable software. Listed software is paired with specific information regarding which version contains the security fixes and which software still requires fixes. Please note that this vulnerability may also occur in custom software developed within your organisation. These occurrences are not registered in this overview.

Supplier Product Version Status Spring4shell Confirmed vulnerable / under investigation / not vulnerable Notes Links
Aruba Networks (HPE) Multiple products Not applicable Not Vulnerable Advisory ID: ARUBA-PSA-2022-006 https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-006.txt
Atlassian Bamboo Server and Data Center Uses Spring Framework Vulnerable Vulnerable under specific conditions https://confluence.atlassian.com/kb/faq-for-cve-2022-22965-1115149136.html
Atlassian Confluence Server and Data Center Uses Spring Framework Vulnerable Vulnerable under specific conditions https://confluence.atlassian.com/kb/faq-for-cve-2022-22965-1115149136.html
Atlassian Jira Service Management Server and Data Center Uses Spring Framework Vulnerable Vulnerable under specific conditions https://confluence.atlassian.com/kb/faq-for-cve-2022-22965-1115149136.html
Atlassian Jira Software Server and Data Center Uses Spring Framework Vulnerable Vulnerable under specific conditions https://confluence.atlassian.com/kb/faq-for-cve-2022-22965-1115149136.html
Atlassian Bitbucket Server and Data Center Uses Spring Framework Not Vulnerable https://confluence.atlassian.com/kb/faq-for-cve-2022-22963-cve-2022-22965-1115149136.html
Atlassian Crowd Uses Spring Framework Not Vulnerable https://confluence.atlassian.com/kb/faq-for-cve-2022-22963-cve-2022-22965-1115149136.html
Atlassian Crucible Uses Spring Framework Not Vulnerable https://confluence.atlassian.com/kb/faq-for-cve-2022-22963-cve-2022-22965-1115149136.html
Atlassian Fisheye Uses Spring Framework Not Vulnerable https://confluence.atlassian.com/kb/faq-for-cve-2022-22963-cve-2022-22965-1115149136.html
Blueriq Blueriq Not applicable Vulnerable https://www.blueriq.com/actueel/maatregelen-cve22950-22963-22965
BMC Control-M Application Pack version 9.0.20 Uses Spring Framework Vulnerable https://bmcsites.force.com/casemgmt/sc_KnowledgeArticle?sfdcid=000395541
Cisco Multiple products Not applicable Under investigation https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67
CheckPoint Multiple products Not applicable Not Vulnerable https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk178605&src=securityAlerts
Cloudian Hyperstore <=7.3.3 and <=7.4.0 Vulnerable https://cloudian-support.force.com/s/article/SECURITY-CVE-2022-22965-Spring-Framework-RCE-via-Data-Binding-on-JDK-9
Cloudian Hyperstore >7.3.3 and >7.4.0 Not vulnerable https://cloudian-support.force.com/s/article/SECURITY-CVE-2022-22965-Spring-Framework-RCE-via-Data-Binding-on-JDK-9
Cloudfoundry UAA Release 74.2.0 – 75.17.0 Vulnerable https://www.cloudfoundry.org/blog/cve-2022-22965-uaa-affected-by-spring-framework-rce-via-data-binding-on-jdk-9/
Cloudfoundry CF Deployment 12.1.0 Vulnerable https://www.cloudfoundry.org/blog/cve-2022-22965-uaa-affected-by-spring-framework-rce-via-data-binding-on-jdk-9/
Commvault Multiple products Not applicable Not Vulnerable https://documentation.commvault.com/v11/essential/146231_security_vulnerability_and_reporting.html#cv2022041-spring-framework
CyberArk Multiple products Not applicable Not Vulnerable https://cyberark-customers.force.com/s/article/Spring-Framework-CVE-2022-22965
Elastic Elastic Search and multiple others Not applicable Not vulnerable https://discuss.elastic.co/t/spring4shell-spring-framework-remote-code-execution-vulnerability/301229
Enovation Group Multiple products / Cloverleaf Not applicable Not Vulnerable https://enovationgroup.com/nl/nieuws/spring4shell-vulnerability-cve-2022-22965/
Extreme Networks VOSS Not applicable Not Vulnerable https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks SLX-OS Not applicable Not Vulnerable https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks Network OS Not applicable Not Vulnerable https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks Extreme Management Center (XMC) Not applicable Not Vulnerable https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks XIQ-SE Not applicable Not Vulnerable https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks NetIron OS Not applicable Not Vulnerable https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks ExtremeControl Not applicable Not Vulnerable https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks ExtremeConnect Not applicable Not Vulnerable https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks ExtremeAnalytics Not applicable Not Vulnerable https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks Fabric Manager Not applicable Not Vulnerable https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks Guest and IoT Manager (GIM) Not applicable Not Vulnerable https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks EXOS User Spring framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks BOSS Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks EOS (S/K/7100) Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks WiNG Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks NSight Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks ExtremeWireless Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks ExtremeCloud IQ Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks IQVA Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks VGVA Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks HiveManager Classic Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks IQEngine Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks ExtremeCloud A3 Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks Traffic Sensor Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks Extreme Campus Controller Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks Extreme AirDefense Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks ExtremeLocation Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks ExtremeGuest (On-Premises) Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks ExtremeGuest (Essentials) Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks Extreme Fabric Automation (EFA) Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks Extreme Visibility Manager (XVM) Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks Ipanema SD-WAN Orchestrator Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks Ipanema SALSA Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks Ipanema ip engine Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks 200-series Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks ISW Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
F5 All product Not applicable Under investigation https://support.f5.com/csp/article/K11510688
F5 NGINX (all products) Not applicable Not Vulnerable https://support.f5.com/csp/article/K11510688
Fortinet FortiADC Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiAIOps Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiAnalyzer-BigData Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiAnalyzer Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiAP-C Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiAP-S Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiAP-U Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiAP-W2 Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiAP Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiAuthenticator Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiCASB Not applicable Under investigation https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiClientAndroid Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiClientEMS Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiClientLinux Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiClientMac Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiClientWindows Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet Forticonnect Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiConverter Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiDDoS-F Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiDDoS Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiDeceptor Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiEdge Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiEDR Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiExtender Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiInsight Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiIsolator Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiLANCloud Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiMail Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiManager Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiNAC Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiNDR Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiOS Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiPentest Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiPlanner Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiPolicy Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiPortal Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiPresence Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiRecorder Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiSandbox Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiSIEM Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiSOAR Not applicable Under investigation https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiSwitch Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiTester Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiVoiceEnterprise Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiWeb Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiWLC Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiWLM Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
GeoServer Geoserver Uses Spring Framework Not Vulnerable https://geoserver.org/announcements/vulnerability/2022/04/01/spring.html
Okta Okta services Not applicable Not Vulnerable https://sec.okta.com/articles/2022/04/oktas-response-cve-2022-22965-spring4shell
Imprivata Confirm ID Cloud under investigation
Imprivata Confirm ID (All on premises components under investigation
Imprivata Cortext (All on premises components) not vulnerable
Imprivata Cortext Cloud not vulnerable
Imprivata GroundControl Launchpad not vulnerable
Imprivata GroundControl Cloud not vulnerable
Imprivata FairWarning not vulnerable
Imprivata FairWaring API not vulnerable
Imprivata Identity Governance not vulnerable
Imprivata Imprivata ID not vulnerable
Imprivata Mobile Device Access not vulnerable
Imprivata OneSign Cloud under investigation
Imprivata OneSign Cloud (All on premisses components) under investigation
Imprivata PatientSecure not vulnerable
Imprivata Privileged Access Management under investigation
Jamf Pro Uses Spring Framework Vulnerable https://community.jamf.com/t5/jamf-pro/spring4shell-vulnerability/td-p/262584
Jenkins Core and Plugins Not applicable Not Vulnerable https://www.jenkins.io/blog/2022/03/31/spring-rce-CVE-2022-22965/
Jenkins Infrastructure Not applicable Not Vulnerable https://www.jenkins.io/blog/2022/03/31/spring-rce-CVE-2022-22965/
Konica Minolta Dispatcher Karagon Uses Spring Framework Vulnerable Workaround available https://service.konicaminolta.eu/csm?id=kb_article_view&sys_kb_id=a99883bbdba64510ab780febd3961952
Konica Minolta SafeQ 6 Uses Spring Framework Vulnerable Workaround available https://service.konicaminolta.eu/csm?id=kb_article_view&sys_kb_id=d3a91b631baa8dd0f9fe97d19b4bcb67
McAfee ePolicy 5.x Not Vulnerable https://kc.mcafee.com/corporate/index?page=content&id=KB95454&locale=en_US
Microfocus Vertica Server Not applicable Not Vulnerable https://portal.microfocus.com/s/article/KM000005107?language=en_US
MicroStrategy MicroStrategy 2021 Below 5.3.18 or 5.2.20 Vulnerable https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-the-Spring-Framework-Remote-Code-Execution-Vulnerability?language=en_US
MicroStrategy MicroStrategy 2021 5.3.18 or 5.2.20 or higher Not vulnerable https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-the-Spring-Framework-Remote-Code-Execution-Vulnerability?language=en_US
NetApp Active IQ Unified Manager for Linux Not applicable Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Active IQ Unified Manager for Microsoft Windows Not applicable Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Active IQ Unified Manager for VMware vSphere Not applicable Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp OnCommand Insight Not applicable Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp SnapManager for Oracle Not applicable Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp SnapManager for SAP Not applicable Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp 7-Mode Transition Tool Not applicable Under investigation https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Brocade SAN Navigator (SANnav) Not applicable Under investigation https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Cloud Secure Agent Not applicable Under investigation https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Element Plug-in for vCenter Server Not applicable Under investigation https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Management Services for Element Software and NetApp HCI Not applicable Under investigation https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp MetroCluster Tiebreaker for clustered Data ONTAP Not applicable Under investigation https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp NetApp SolidFire Plug-in for vRealize Orchestrator (SolidFire vRO) Not applicable Under investigation https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp ONTAP Tools for VMware vSphere Not applicable Under investigation https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Snap Creator Framework Not applicable Under investigation https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp SnapCenter Plug-in for VMware vSphere Not applicable Under investigation https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp SnapManager for Hyper-V Not applicable Under investigation https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp AFF Baseboard Management Controller (BMC) - A700s Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp AFF Baseboard Management Controller (BMC) - A900 Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp ATTO FibreBridge - 6500N Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp ATTO FibreBridge - 7500N Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp ATTO FibreBridge - 7600N Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Active IQ mobile app Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Astra Control Center - NetApp Kubernetes Monitoring Operator Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Astra Trident Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Astra Trident Autosupport Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp BeeGFS CSI Driver Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Brocade Fabric Operating System Firmware Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Cloud Data Sense Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Cloud Insights Acquisition Unit Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Cloud Insights Telegraf Agent Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Cloud Manager Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Cloud Volumes ONTAP Mediator Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Clustered Data ONTAP Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Clustered Data ONTAP Antivirus Connector Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp E-Series BIOS Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp E-Series SANtricity OS Controller Software 11.x Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp E-Series SANtricity Storage Manager Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp E-Series SANtricity Web Services (REST API) for Web Services Proxy Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Element .NET SDK Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Element HealthTools Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Element JAVA SDK Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Element Powershell Tools Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Element Python SDK Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp FAS/AFF BIOS Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp FAS/AFF Baseboard Management Controller (BMC) - 8300/8700/A400 Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp FAS/AFF Baseboard Management Controller (BMC) - A250/500f Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp FAS/AFF Baseboard Management Controller (BMC) - A320/C190/A220/FAS2720/FAS2750/A800 Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Global File Cache Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Host Utilities - SAN for Linux Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Host Utilities - SAN for Windows Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Inventory Collect Tool Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Multipath I/O (SANtricity DSM for Windows MPIO) Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp NetApp Cloud Backup OST Plug-in (formerly AltaVault OST Plug-in) Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp NetApp Converged Systems Advisor Agent Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp NetApp E-Series BeeGFS Collection Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp NetApp E-Series Host Collection Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp NetApp E-Series Performance Analyzer Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp NetApp E-Series SANtricity Collection Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H300E/H500E/H700E/H410S Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp NetApp HCI Baseboard Management Controller (BMC) - H410C Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp NetApp HCI Baseboard Management Controller (BMC) - H610C Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp NetApp HCI Baseboard Management Controller (BMC) - H610S Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp NetApp HCI Baseboard Management Controller (BMC) - H615C Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp NetApp HCI Compute Node (Bootstrap OS) Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp NetApp HCI Compute Node BIOS Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp NetApp HCI Storage Node BIOS Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp NetApp Kubernetes Monitoring Operator Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp NetApp Manageability SDK Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp NetApp NFS Plug-in for VMware VAAI Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp NetApp SANtricity SMI-S Provider Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp NetApp SMI-S Provider Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp NetApp SolidFire & HCI Management Node Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp NetApp SolidFire BIOS Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp NetApp SolidFire, Enterprise SDS & HCI Storage Node (Element Software) Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp NetApp Storage Encryption Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp NetApp Virtual Desktop Service (VDS) Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp NetApp XCP NFS Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp NetApp XCP SMB Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp NextGen API Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp ONTAP Mediator Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp ONTAP Select Deploy administration utility Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp OnCommand Workflow Automation Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Open Systems SnapVault Agent Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp SANtricity Storage Plugin for vCenter Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp SANtricity Unified Manager Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp SAS Firmware Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp SRA Plugin for Linux Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp SRA Plugin for Windows Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Service Processor Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Single Mailbox Recovery Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp SnapCenter Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp SnapDrive for Unix Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp SnapManager for Oracle Windows Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp SolidFire Storage Replication Adapter Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp Storage Services Connector Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp StorageGRID (formerly StorageGRID Webscale) Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp StorageGRID BIOS SG1000/SG100 Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp StorageGRID BIOS SG5660/SG5612/SG5760/SG5712 Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp StorageGRID BIOS SG6060/SGF6024 Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp StorageGRID Baseboard Management Controller (BMC) Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
NetApp System Manager 9.x Not applicable Not Vulnerable https://security.netapp.com/advisory/ntap-20220401-0001/
Ontotext GraphDB Not applicable Not Vulnerable https://www.ontotext.com/blog/graphdb-and-cve-2022-22965-aka-spring4shell/
Oxygen XML Editor Not applicable Not Vulnerable https://www.oxygenxml.com/security/advisory/CVE-2022-22965.html
PagerDuty Rundeck Uses Spring Framework Under investigation
PaloAlto Networks Cortex XDR Agent Not applicable Not Vulnerable https://security.paloaltonetworks.com/CVE-2022-22963
PaloAlto Networks Cortex XSOAR Not applicable Not Vulnerable https://security.paloaltonetworks.com/CVE-2022-22963
PaloAlto Networks Exact Data Matching CLI Not applicable Not Vulnerable https://security.paloaltonetworks.com/CVE-2022-22963
PaloAlto Networks Expanse Not applicable Not Vulnerable
PaloAlto Networks Expedition Migration Tool Not applicable Not Vulnerable https://security.paloaltonetworks.com/CVE-2022-22963
PaloAlto Networks GlobalProtect App Not applicable Not Vulnerable https://security.paloaltonetworks.com/CVE-2022-22963
PaloAlto Networks IoT Security Not applicable Not Vulnerable https://security.paloaltonetworks.com/CVE-2022-22963
PaloAlto Networks Okyo Garde Not applicable Not Vulnerable https://security.paloaltonetworks.com/CVE-2022-22963
PaloAlto Networks Palo Alto Networks App for Splunk Not applicable Not Vulnerable https://security.paloaltonetworks.com/CVE-2022-22963
PaloAlto Networks PAN-OS Not applicable Not Vulnerable https://security.paloaltonetworks.com/CVE-2022-22963
PaloAlto Networks Prisma Cloud Compute Not applicable Not Vulnerable https://security.paloaltonetworks.com/CVE-2022-22963
PaloAlto Networks User-ID Agent Not applicable Not Vulnerable https://security.paloaltonetworks.com/CVE-2022-22963
PaloAlto Networks WildFire Appliance (WF-500) Not applicable Not Vulnerable https://security.paloaltonetworks.com/CVE-2022-22963
Pulse Secure Ivanti Pulse Secure Not applicable Not Vulnerable https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB45126/?kA13Z000000L3sW
PTC WindChill PDMLink 11.1 M020 to 12.1.0.0 Uses Spring Framework Vulnerable https://www.ptc.com/en/support/article/cs366379?language=en&posno=1&q=CVE-2022-22965&source=search
PTC FlexPLM 11.1 M010 to 12.0.3.0 Uses Spring Framework Vulnerable https://www.ptc.com/en/support/article/cs366379?language=en&posno=1&q=CVE-2022-22965&source=search
Red Hat Descision Manager 7 Vulnerable https://access.redhat.com/security/cve/CVE-2022-22965
Red Hat JBoss A-MQ 6 6-7 Vulnerable https://access.redhat.com/security/cve/CVE-2022-22965
Red Hat JBoss Fuse 6 6-7 Vulnerable https://access.redhat.com/security/cve/CVE-2022-22965
Red Hat Process Automation 7 Vulnerable https://access.redhat.com/security/cve/CVE-2022-22965
Red Hat Virtualization 4 Vulnerable https://access.redhat.com/security/cve/CVE-2022-22965
Red Hat Red Hat Integration Camel Extensions for Quarkus 2.2.1-1 security Vulnerable https://access.redhat.com/errata/RHSA-2022:1306
SAP SAP HANA Extended Application Services Vulnerable https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
SAP SAP Customer Checkout 2.0 Vulnerable https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
SAP Powerdesigner Web Portal 16.7 Vulnerable https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
Salesforce Tableau Server Uses Spring Framework, Tomcat and JDK9 Not vulnerable https://kb.tableau.com/articles/Issue/Spring4Shell-CVE-2022-22963-and-CVE-2022-22965
Servicenow ServiceNow instance or MID Uses Spring Framework Under investigation https://community.servicenow.com/community?id=community_question&sys_id=5530394edb2e8950e2adc2230596194f
Solarwinds Database Performance Analyzer (DPA) Uses Spring Framework Under investigation https://www.solarwinds.com/trust-center/security-advisories/spring4shell
Solarwinds Security Event Manager (SEM) Uses Spring Framework Vulnerable https://www.solarwinds.com/trust-center/security-advisories/spring4shell
Solarwinds Web Help Desk (WHD) Uses Spring Framework Under investigation https://www.solarwinds.com/trust-center/security-advisories/spring4shell
Sonicwall Multiple products Not applicable Not Vulnerable https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005
SonarSource SonarCube n/a Not vulnerable https://community.sonarsource.com/t/sonarqube-sonarcloud-and-spring4shell/60926
Trend Micro All product Unknown Under investigation https://success.trendmicro.com/dcx/s/solution/000290730?language=en_US
Tibco Multiple products Not Vulnerable https://www.tibco.com/support/notices/spring-framework-vulnerability-update
Ubiquiti Multiple products Not Vulnerable https://community.ui.com/releases/Statement-Regarding-Spring-CVE-2022-22965-2022-22950-and-2022-22963-001/19b2dc6f-4c36-436e-bd38-59ea0d6f1cb5
Veritas Backup Exec Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas Desktop Laptop Option Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas Enterprise Vault Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas Enterprise Vault cloud Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas NetBackup Recovery Vault Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas NetBackup SaaS Protection Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas Merge1 Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas Quick Assist Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas Veritas Advanced Supervision Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas Veritas System Recovery Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas CloudPoint Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas Data Insight Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas eDiscovery Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas InfoScale VIOM Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas NetBackup Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas NetBackup IT Analytics (Previously APTARE) Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas NetBackup OpCenter Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas VRP Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
VMware Tanzu Application Service for VMs 2.11-2.13 Vulnerable Potentially actively exploited https://www.vmware.com/security/advisories/VMSA-2022-0010.html
VMware Tanzu Application Service 2.10 Vulnerable Potentially actively exploited https://www.vmware.com/security/advisories/VMSA-2022-0010.html
VMware Tanzu Operations Manager 2.8-2.10 Vulnerable Potentially actively exploited https://www.vmware.com/security/advisories/VMSA-2022-0010.html
VMware TKGI 1.11-1.13 Vulnerable Potentially actively exploited https://www.vmware.com/security/advisories/VMSA-2022-0010.html
Kofax Kofax Communication Manager Uses Spring Framework Not Vulnerable https://community.kofax.com/s/question/0D53m00006FG8NVCA1/communications-manager-release-announcements?language=en_US
Kofax Device Web Service Uses Spring Framework Not Vulnerable https://community.kofax.com/s/question/0D53m00006w0My3CAE/controlsuite-release-announcements?language=en_US
Kofax Invoice Portal Uses Spring Framework Not vulnerable https://community.kofax.com/s/question/0D53m00006FG8RtCAL/readsoft-release-announcements?language=en_US
Kofax RPA Uses Spring Framework Under investigation https://community.kofax.com/s/question/0D53m00006FG8ThCAL/robotic-process-automation-release-announcements?language=en_US
Kofax MarkView Uses Spring Framework Not vulnerable https://community.kofax.com/s/question/0D53m00006FG8QdCAL/markview-release-announcements
Kofax Printix Uses Spring Framework Not vulnerable https://knowledge.kofax.com/General_Support/General_Troubleshooting/Kofax_products_and_Spring4Shell_vulnerability_information
Kofax SafeCom Uses Spring Framework Not vulnerable https://knowledge.kofax.com/General_Support/General_Troubleshooting/Kofax_products_and_Spring4Shell_vulnerability_information
Kofax SignDoc Uses Spring Framework Under investigation https://knowledge.kofax.com/General_Support/General_Troubleshooting/Kofax_products_and_Spring4Shell_vulnerability_information
Kofax Process Director for Accounts Payable Uses Spring Framework Not vulnerable https://knowledge.kofax.com/General_Support/General_Troubleshooting/Kofax_products_and_Spring4Shell_vulnerability_information
ZorgTTP Encryptiedienst TRES Not applicable not vulnerable https://www.zorgttp.nl/spring4shell-kwetsbaarheid-geen-impact-op-zorgttp-dienstverlening/
ZorgTTP PVM Uses Spring Framework not vulnerable https://www.zorgttp.nl/spring4shell-kwetsbaarheid-geen-impact-op-zorgttp-dienstverlening/
ZorgTTP CMT Uses Spring Framework not vulnerable https://www.zorgttp.nl/spring4shell-kwetsbaarheid-geen-impact-op-zorgttp-dienstverlening/
ZorgTTP DRM Uses Spring Framework not vulnerable https://www.zorgttp.nl/spring4shell-kwetsbaarheid-geen-impact-op-zorgttp-dienstverlening/