This page contains an overview of software (un)affected by the Spring4shell vulnerabilities. NCSC-NL and partners are attempting to maintain a list of all known vulnerable and not vulnerable software. Listed software is paired with specific information regarding which version contains the security fixes and which software still requires fixes. Please note that this vulnerability may also occur in custom software developed within your organisation. These occurrences are not registered in this overview.
Supplier | Product | Version | Status Spring4shell | Confirmed vulnerable / under investigation / not vulnerable | Notes | Links |
---|---|---|---|---|---|---|
Aruba Networks (HPE) | Multiple products | Not applicable | Not Vulnerable | Advisory ID: ARUBA-PSA-2022-006 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-006.txt | |
Atlassian | Bamboo Server and Data Center | Uses Spring Framework | Vulnerable | Vulnerable under specific conditions | https://confluence.atlassian.com/kb/faq-for-cve-2022-22965-1115149136.html | |
Atlassian | Confluence Server and Data Center | Uses Spring Framework | Vulnerable | Vulnerable under specific conditions | https://confluence.atlassian.com/kb/faq-for-cve-2022-22965-1115149136.html | |
Atlassian | Jira Service Management Server and Data Center | Uses Spring Framework | Vulnerable | Vulnerable under specific conditions | https://confluence.atlassian.com/kb/faq-for-cve-2022-22965-1115149136.html | |
Atlassian | Jira Software Server and Data Center | Uses Spring Framework | Vulnerable | Vulnerable under specific conditions | https://confluence.atlassian.com/kb/faq-for-cve-2022-22965-1115149136.html | |
Atlassian | Bitbucket Server and Data Center | Uses Spring Framework | Not Vulnerable | https://confluence.atlassian.com/kb/faq-for-cve-2022-22963-cve-2022-22965-1115149136.html | ||
Atlassian | Crowd | Uses Spring Framework | Not Vulnerable | https://confluence.atlassian.com/kb/faq-for-cve-2022-22963-cve-2022-22965-1115149136.html | ||
Atlassian | Crucible | Uses Spring Framework | Not Vulnerable | https://confluence.atlassian.com/kb/faq-for-cve-2022-22963-cve-2022-22965-1115149136.html | ||
Atlassian | Fisheye | Uses Spring Framework | Not Vulnerable | https://confluence.atlassian.com/kb/faq-for-cve-2022-22963-cve-2022-22965-1115149136.html | ||
Blueriq | Blueriq | Not applicable | Vulnerable | https://www.blueriq.com/actueel/maatregelen-cve22950-22963-22965 | ||
BMC | Control-M Application Pack | version 9.0.20 | Uses Spring Framework | Vulnerable | https://bmcsites.force.com/casemgmt/sc_KnowledgeArticle?sfdcid=000395541 | |
Cisco | Multiple products | Not applicable | Under investigation | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67 | ||
CheckPoint | Multiple products | Not applicable | Not Vulnerable | https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk178605&src=securityAlerts | ||
Cloudian | Hyperstore | <=7.3.3 and <=7.4.0 | Vulnerable | https://cloudian-support.force.com/s/article/SECURITY-CVE-2022-22965-Spring-Framework-RCE-via-Data-Binding-on-JDK-9 | ||
Cloudian | Hyperstore | >7.3.3 and >7.4.0 | Not vulnerable | https://cloudian-support.force.com/s/article/SECURITY-CVE-2022-22965-Spring-Framework-RCE-via-Data-Binding-on-JDK-9 | ||
Cloudfoundry | UAA Release | 74.2.0 – 75.17.0 | Vulnerable | https://www.cloudfoundry.org/blog/cve-2022-22965-uaa-affected-by-spring-framework-rce-via-data-binding-on-jdk-9/ | ||
Cloudfoundry | CF Deployment | 12.1.0 | Vulnerable | https://www.cloudfoundry.org/blog/cve-2022-22965-uaa-affected-by-spring-framework-rce-via-data-binding-on-jdk-9/ | ||
Commvault | Multiple products | Not applicable | Not Vulnerable | https://documentation.commvault.com/v11/essential/146231_security_vulnerability_and_reporting.html#cv2022041-spring-framework | ||
CyberArk | Multiple products | Not applicable | Not Vulnerable | https://cyberark-customers.force.com/s/article/Spring-Framework-CVE-2022-22965 | ||
Elastic | Elastic Search and multiple others | Not applicable | Not vulnerable | https://discuss.elastic.co/t/spring4shell-spring-framework-remote-code-execution-vulnerability/301229 | ||
Enovation Group | Multiple products / Cloverleaf | Not applicable | Not Vulnerable | https://enovationgroup.com/nl/nieuws/spring4shell-vulnerability-cve-2022-22965/ | ||
Extreme Networks | VOSS | Not applicable | Not Vulnerable | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | SLX-OS | Not applicable | Not Vulnerable | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | Network OS | Not applicable | Not Vulnerable | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | Extreme Management Center (XMC) | Not applicable | Not Vulnerable | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | XIQ-SE | Not applicable | Not Vulnerable | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | NetIron OS | Not applicable | Not Vulnerable | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | ExtremeControl | Not applicable | Not Vulnerable | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | ExtremeConnect | Not applicable | Not Vulnerable | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | ExtremeAnalytics | Not applicable | Not Vulnerable | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | Fabric Manager | Not applicable | Not Vulnerable | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | Guest and IoT Manager (GIM) | Not applicable | Not Vulnerable | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | EXOS | User Spring framework | Under investigation | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | BOSS | Uses Spring Framework | Under investigation | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | EOS (S/K/7100) | Uses Spring Framework | Under investigation | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | WiNG | Uses Spring Framework | Under investigation | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | NSight | Uses Spring Framework | Under investigation | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | ExtremeWireless | Uses Spring Framework | Under investigation | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | ExtremeCloud IQ | Uses Spring Framework | Under investigation | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | IQVA | Uses Spring Framework | Under investigation | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | VGVA | Uses Spring Framework | Under investigation | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | HiveManager Classic | Uses Spring Framework | Under investigation | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | IQEngine | Uses Spring Framework | Under investigation | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | ExtremeCloud A3 | Uses Spring Framework | Under investigation | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | Traffic Sensor | Uses Spring Framework | Under investigation | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | Extreme Campus Controller | Uses Spring Framework | Under investigation | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | Extreme AirDefense | Uses Spring Framework | Under investigation | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | ExtremeLocation | Uses Spring Framework | Under investigation | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | ExtremeGuest (On-Premises) | Uses Spring Framework | Under investigation | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | ExtremeGuest (Essentials) | Uses Spring Framework | Under investigation | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | Extreme Fabric Automation (EFA) | Uses Spring Framework | Under investigation | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | Extreme Visibility Manager (XVM) | Uses Spring Framework | Under investigation | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | Ipanema SD-WAN Orchestrator | Uses Spring Framework | Under investigation | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | Ipanema SALSA | Uses Spring Framework | Under investigation | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | Ipanema ip engine | Uses Spring Framework | Under investigation | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | 200-series | Uses Spring Framework | Under investigation | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
Extreme Networks | ISW | Uses Spring Framework | Under investigation | https://extremeportal.force.com/ExtrArticleDetail?an=000103717 | ||
F5 | All product | Not applicable | Under investigation | https://support.f5.com/csp/article/K11510688 | ||
F5 | NGINX (all products) | Not applicable | Not Vulnerable | https://support.f5.com/csp/article/K11510688 | ||
Fortinet | FortiADC | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiAIOps | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiAnalyzer-BigData | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiAnalyzer | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiAP-C | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiAP-S | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiAP-U | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiAP-W2 | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiAP | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiAuthenticator | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiCASB | Not applicable | Under investigation | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiClientAndroid | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiClientEMS | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiClientLinux | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiClientMac | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiClientWindows | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | Forticonnect | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiConverter | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiDDoS-F | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiDDoS | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiDeceptor | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiEdge | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiEDR | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiExtender | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiInsight | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiIsolator | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiLANCloud | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiMail | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiManager | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiNAC | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiNDR | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiOS | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiPentest | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiPlanner | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiPolicy | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiPortal | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiPresence | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiRecorder | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiSandbox | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiSIEM | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiSOAR | Not applicable | Under investigation | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiSwitch | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiTester | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiVoiceEnterprise | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiWeb | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiWLC | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
Fortinet | FortiWLM | Not applicable | Not Vulnerable | https://fortiguard.fortinet.com/psirt/FG-IR-22-072 | ||
GeoServer | Geoserver | Uses Spring Framework | Not Vulnerable | https://geoserver.org/announcements/vulnerability/2022/04/01/spring.html | ||
Okta | Okta services | Not applicable | Not Vulnerable | https://sec.okta.com/articles/2022/04/oktas-response-cve-2022-22965-spring4shell | ||
Imprivata | Confirm ID Cloud | under investigation | ||||
Imprivata | Confirm ID (All on premises components | under investigation | ||||
Imprivata | Cortext (All on premises components) | not vulnerable | ||||
Imprivata | Cortext Cloud | not vulnerable | ||||
Imprivata | GroundControl Launchpad | not vulnerable | ||||
Imprivata | GroundControl Cloud | not vulnerable | ||||
Imprivata | FairWarning | not vulnerable | ||||
Imprivata | FairWaring API | not vulnerable | ||||
Imprivata | Identity Governance | not vulnerable | ||||
Imprivata | Imprivata ID | not vulnerable | ||||
Imprivata | Mobile Device Access | not vulnerable | ||||
Imprivata | OneSign Cloud | under investigation | ||||
Imprivata | OneSign Cloud (All on premisses components) | under investigation | ||||
Imprivata | PatientSecure | not vulnerable | ||||
Imprivata | Privileged Access Management | under investigation | ||||
Jamf | Pro | Uses Spring Framework | Vulnerable | https://community.jamf.com/t5/jamf-pro/spring4shell-vulnerability/td-p/262584 | ||
Jenkins | Core and Plugins | Not applicable | Not Vulnerable | https://www.jenkins.io/blog/2022/03/31/spring-rce-CVE-2022-22965/ | ||
Jenkins | Infrastructure | Not applicable | Not Vulnerable | https://www.jenkins.io/blog/2022/03/31/spring-rce-CVE-2022-22965/ | ||
Konica Minolta | Dispatcher Karagon | Uses Spring Framework | Vulnerable | Workaround available | https://service.konicaminolta.eu/csm?id=kb_article_view&sys_kb_id=a99883bbdba64510ab780febd3961952 | |
Konica Minolta | SafeQ | 6 | Uses Spring Framework | Vulnerable | Workaround available | https://service.konicaminolta.eu/csm?id=kb_article_view&sys_kb_id=d3a91b631baa8dd0f9fe97d19b4bcb67 |
McAfee | ePolicy | 5.x | Not Vulnerable | https://kc.mcafee.com/corporate/index?page=content&id=KB95454&locale=en_US | ||
Microfocus | Vertica Server | Not applicable | Not Vulnerable | https://portal.microfocus.com/s/article/KM000005107?language=en_US | ||
MicroStrategy | MicroStrategy 2021 | Below 5.3.18 or 5.2.20 | Vulnerable | https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-the-Spring-Framework-Remote-Code-Execution-Vulnerability?language=en_US | ||
MicroStrategy | MicroStrategy 2021 | 5.3.18 or 5.2.20 or higher | Not vulnerable | https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-the-Spring-Framework-Remote-Code-Execution-Vulnerability?language=en_US | ||
NetApp | Active IQ Unified Manager for Linux | Not applicable | Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Active IQ Unified Manager for Microsoft Windows | Not applicable | Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Active IQ Unified Manager for VMware vSphere | Not applicable | Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | OnCommand Insight | Not applicable | Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | SnapManager for Oracle | Not applicable | Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | SnapManager for SAP | Not applicable | Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | 7-Mode Transition Tool | Not applicable | Under investigation | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Brocade SAN Navigator (SANnav) | Not applicable | Under investigation | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Cloud Secure Agent | Not applicable | Under investigation | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Element Plug-in for vCenter Server | Not applicable | Under investigation | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Management Services for Element Software and NetApp HCI | Not applicable | Under investigation | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | MetroCluster Tiebreaker for clustered Data ONTAP | Not applicable | Under investigation | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | NetApp SolidFire Plug-in for vRealize Orchestrator (SolidFire vRO) | Not applicable | Under investigation | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | ONTAP Tools for VMware vSphere | Not applicable | Under investigation | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Snap Creator Framework | Not applicable | Under investigation | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | SnapCenter Plug-in for VMware vSphere | Not applicable | Under investigation | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | SnapManager for Hyper-V | Not applicable | Under investigation | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | AFF Baseboard Management Controller (BMC) - A700s | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | AFF Baseboard Management Controller (BMC) - A900 | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | ATTO FibreBridge - 6500N | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | ATTO FibreBridge - 7500N | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | ATTO FibreBridge - 7600N | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Active IQ mobile app | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Astra Control Center - NetApp Kubernetes Monitoring Operator | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Astra Trident | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Astra Trident Autosupport | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | BeeGFS CSI Driver | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Brocade Fabric Operating System Firmware | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Cloud Data Sense | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Cloud Insights Acquisition Unit | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Cloud Insights Telegraf Agent | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Cloud Manager | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Cloud Volumes ONTAP Mediator | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Clustered Data ONTAP | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Clustered Data ONTAP Antivirus Connector | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | E-Series BIOS | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | E-Series SANtricity OS Controller Software 11.x | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | E-Series SANtricity Storage Manager | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | E-Series SANtricity Web Services (REST API) for Web Services Proxy | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Element .NET SDK | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Element HealthTools | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Element JAVA SDK | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Element Powershell Tools | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Element Python SDK | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | FAS/AFF BIOS | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | FAS/AFF Baseboard Management Controller (BMC) - 8300/8700/A400 | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | FAS/AFF Baseboard Management Controller (BMC) - A250/500f | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | FAS/AFF Baseboard Management Controller (BMC) - A320/C190/A220/FAS2720/FAS2750/A800 | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Global File Cache | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Host Utilities - SAN for Linux | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Host Utilities - SAN for Windows | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Inventory Collect Tool | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Multipath I/O (SANtricity DSM for Windows MPIO) | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | NetApp Cloud Backup OST Plug-in (formerly AltaVault OST Plug-in) | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | NetApp Converged Systems Advisor Agent | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | NetApp E-Series BeeGFS Collection | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | NetApp E-Series Host Collection | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | NetApp E-Series Performance Analyzer | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | NetApp E-Series SANtricity Collection | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H300E/H500E/H700E/H410S | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | NetApp HCI Baseboard Management Controller (BMC) - H410C | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | NetApp HCI Baseboard Management Controller (BMC) - H610C | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | NetApp HCI Baseboard Management Controller (BMC) - H610S | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | NetApp HCI Baseboard Management Controller (BMC) - H615C | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | NetApp HCI Compute Node (Bootstrap OS) | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | NetApp HCI Compute Node BIOS | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | NetApp HCI Storage Node BIOS | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | NetApp Kubernetes Monitoring Operator | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | NetApp Manageability SDK | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | NetApp NFS Plug-in for VMware VAAI | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | NetApp SANtricity SMI-S Provider | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | NetApp SMI-S Provider | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | NetApp SolidFire & HCI Management Node | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | NetApp SolidFire BIOS | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | NetApp SolidFire, Enterprise SDS & HCI Storage Node (Element Software) | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | NetApp Storage Encryption | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | NetApp Virtual Desktop Service (VDS) | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | NetApp XCP NFS | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | NetApp XCP SMB | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | NextGen API | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | ONTAP Mediator | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | ONTAP Select Deploy administration utility | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | OnCommand Workflow Automation | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Open Systems SnapVault Agent | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | SANtricity Storage Plugin for vCenter | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | SANtricity Unified Manager | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | SAS Firmware | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | SRA Plugin for Linux | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | SRA Plugin for Windows | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Service Processor | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Single Mailbox Recovery | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | SnapCenter | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | SnapDrive for Unix | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | SnapManager for Oracle Windows | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | SolidFire Storage Replication Adapter | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | Storage Services Connector | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | StorageGRID (formerly StorageGRID Webscale) | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | StorageGRID BIOS SG1000/SG100 | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | StorageGRID BIOS SG5660/SG5612/SG5760/SG5712 | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | StorageGRID BIOS SG6060/SGF6024 | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | StorageGRID Baseboard Management Controller (BMC) | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
NetApp | System Manager 9.x | Not applicable | Not Vulnerable | https://security.netapp.com/advisory/ntap-20220401-0001/ | ||
Ontotext | GraphDB | Not applicable | Not Vulnerable | https://www.ontotext.com/blog/graphdb-and-cve-2022-22965-aka-spring4shell/ | ||
Oxygen | XML Editor | Not applicable | Not Vulnerable | https://www.oxygenxml.com/security/advisory/CVE-2022-22965.html | ||
PagerDuty | Rundeck | Uses Spring Framework | Under investigation | |||
PaloAlto Networks | Cortex XDR Agent | Not applicable | Not Vulnerable | https://security.paloaltonetworks.com/CVE-2022-22963 | ||
PaloAlto Networks | Cortex XSOAR | Not applicable | Not Vulnerable | https://security.paloaltonetworks.com/CVE-2022-22963 | ||
PaloAlto Networks | Exact Data Matching CLI | Not applicable | Not Vulnerable | https://security.paloaltonetworks.com/CVE-2022-22963 | ||
PaloAlto Networks | Expanse | Not applicable | Not Vulnerable | |||
PaloAlto Networks | Expedition Migration Tool | Not applicable | Not Vulnerable | https://security.paloaltonetworks.com/CVE-2022-22963 | ||
PaloAlto Networks | GlobalProtect App | Not applicable | Not Vulnerable | https://security.paloaltonetworks.com/CVE-2022-22963 | ||
PaloAlto Networks | IoT Security | Not applicable | Not Vulnerable | https://security.paloaltonetworks.com/CVE-2022-22963 | ||
PaloAlto Networks | Okyo Garde | Not applicable | Not Vulnerable | https://security.paloaltonetworks.com/CVE-2022-22963 | ||
PaloAlto Networks | Palo Alto Networks App for Splunk | Not applicable | Not Vulnerable | https://security.paloaltonetworks.com/CVE-2022-22963 | ||
PaloAlto Networks | PAN-OS | Not applicable | Not Vulnerable | https://security.paloaltonetworks.com/CVE-2022-22963 | ||
PaloAlto Networks | Prisma Cloud Compute | Not applicable | Not Vulnerable | https://security.paloaltonetworks.com/CVE-2022-22963 | ||
PaloAlto Networks | User-ID Agent | Not applicable | Not Vulnerable | https://security.paloaltonetworks.com/CVE-2022-22963 | ||
PaloAlto Networks | WildFire Appliance (WF-500) | Not applicable | Not Vulnerable | https://security.paloaltonetworks.com/CVE-2022-22963 | ||
Pulse Secure | Ivanti Pulse Secure | Not applicable | Not Vulnerable | https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB45126/?kA13Z000000L3sW | ||
PTC | WindChill PDMLink | 11.1 M020 to 12.1.0.0 | Uses Spring Framework | Vulnerable | https://www.ptc.com/en/support/article/cs366379?language=en&posno=1&q=CVE-2022-22965&source=search | |
PTC | FlexPLM | 11.1 M010 to 12.0.3.0 | Uses Spring Framework | Vulnerable | https://www.ptc.com/en/support/article/cs366379?language=en&posno=1&q=CVE-2022-22965&source=search | |
Red Hat | Descision Manager | 7 | Vulnerable | https://access.redhat.com/security/cve/CVE-2022-22965 | ||
Red Hat | JBoss A-MQ 6 | 6-7 | Vulnerable | https://access.redhat.com/security/cve/CVE-2022-22965 | ||
Red Hat | JBoss Fuse 6 | 6-7 | Vulnerable | https://access.redhat.com/security/cve/CVE-2022-22965 | ||
Red Hat | Process Automation | 7 | Vulnerable | https://access.redhat.com/security/cve/CVE-2022-22965 | ||
Red Hat | Virtualization | 4 | Vulnerable | https://access.redhat.com/security/cve/CVE-2022-22965 | ||
Red Hat | Red Hat Integration Camel Extensions for Quarkus | 2.2.1-1 security | Vulnerable | https://access.redhat.com/errata/RHSA-2022:1306 | ||
SAP | SAP HANA Extended Application Services | Vulnerable | https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10 | |||
SAP | SAP Customer Checkout | 2.0 | Vulnerable | https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10 | ||
SAP | Powerdesigner Web Portal | 16.7 | Vulnerable | https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10 | ||
Salesforce | Tableau Server | Uses Spring Framework, Tomcat and JDK9 | Not vulnerable | https://kb.tableau.com/articles/Issue/Spring4Shell-CVE-2022-22963-and-CVE-2022-22965 | ||
Servicenow | ServiceNow instance or MID | Uses Spring Framework | Under investigation | https://community.servicenow.com/community?id=community_question&sys_id=5530394edb2e8950e2adc2230596194f | ||
Solarwinds | Database Performance Analyzer (DPA) | Uses Spring Framework | Under investigation | https://www.solarwinds.com/trust-center/security-advisories/spring4shell | ||
Solarwinds | Security Event Manager (SEM) | Uses Spring Framework | Vulnerable | https://www.solarwinds.com/trust-center/security-advisories/spring4shell | ||
Solarwinds | Web Help Desk (WHD) | Uses Spring Framework | Under investigation | https://www.solarwinds.com/trust-center/security-advisories/spring4shell | ||
Sonicwall | Multiple products | Not applicable | Not Vulnerable | https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005 | ||
SonarSource | SonarCube | n/a | Not vulnerable | https://community.sonarsource.com/t/sonarqube-sonarcloud-and-spring4shell/60926 | ||
Trend Micro | All product | Unknown | Under investigation | https://success.trendmicro.com/dcx/s/solution/000290730?language=en_US | ||
Tibco | Multiple products | Not Vulnerable | https://www.tibco.com/support/notices/spring-framework-vulnerability-update | |||
Ubiquiti | Multiple products | Not Vulnerable | https://community.ui.com/releases/Statement-Regarding-Spring-CVE-2022-22965-2022-22950-and-2022-22963-001/19b2dc6f-4c36-436e-bd38-59ea0d6f1cb5 | |||
Veritas | Backup Exec | Not applicable | Not Vulnerable | https://www.veritas.com/content/support/en_US/security/VTS22-006 | ||
Veritas | Desktop Laptop Option | Not applicable | Not Vulnerable | https://www.veritas.com/content/support/en_US/security/VTS22-006 | ||
Veritas | Enterprise Vault | Not applicable | Not Vulnerable | https://www.veritas.com/content/support/en_US/security/VTS22-006 | ||
Veritas | Enterprise Vault cloud | Not applicable | Not Vulnerable | https://www.veritas.com/content/support/en_US/security/VTS22-006 | ||
Veritas | NetBackup Recovery Vault | Not applicable | Not Vulnerable | https://www.veritas.com/content/support/en_US/security/VTS22-006 | ||
Veritas | NetBackup SaaS Protection | Not applicable | Not Vulnerable | https://www.veritas.com/content/support/en_US/security/VTS22-006 | ||
Veritas | Merge1 | Not applicable | Not Vulnerable | https://www.veritas.com/content/support/en_US/security/VTS22-006 | ||
Veritas | Quick Assist | Not applicable | Not Vulnerable | https://www.veritas.com/content/support/en_US/security/VTS22-006 | ||
Veritas | Veritas Advanced Supervision | Not applicable | Not Vulnerable | https://www.veritas.com/content/support/en_US/security/VTS22-006 | ||
Veritas | Veritas System Recovery | Not applicable | Not Vulnerable | https://www.veritas.com/content/support/en_US/security/VTS22-006 | ||
Veritas | CloudPoint | Not applicable | Not Vulnerable | https://www.veritas.com/content/support/en_US/security/VTS22-006 | ||
Veritas | Data Insight | Not applicable | Not Vulnerable | https://www.veritas.com/content/support/en_US/security/VTS22-006 | ||
Veritas | eDiscovery | Not applicable | Not Vulnerable | https://www.veritas.com/content/support/en_US/security/VTS22-006 | ||
Veritas | InfoScale VIOM | Not applicable | Not Vulnerable | https://www.veritas.com/content/support/en_US/security/VTS22-006 | ||
Veritas | NetBackup | Not applicable | Not Vulnerable | https://www.veritas.com/content/support/en_US/security/VTS22-006 | ||
Veritas | NetBackup IT Analytics (Previously APTARE) | Not applicable | Not Vulnerable | https://www.veritas.com/content/support/en_US/security/VTS22-006 | ||
Veritas | NetBackup OpCenter | Not applicable | Not Vulnerable | https://www.veritas.com/content/support/en_US/security/VTS22-006 | ||
Veritas | VRP | Not applicable | Not Vulnerable | https://www.veritas.com/content/support/en_US/security/VTS22-006 | ||
VMware | Tanzu Application Service for VMs | 2.11-2.13 | Vulnerable | Potentially actively exploited | https://www.vmware.com/security/advisories/VMSA-2022-0010.html | |
VMware | Tanzu Application Service | 2.10 | Vulnerable | Potentially actively exploited | https://www.vmware.com/security/advisories/VMSA-2022-0010.html | |
VMware | Tanzu Operations Manager | 2.8-2.10 | Vulnerable | Potentially actively exploited | https://www.vmware.com/security/advisories/VMSA-2022-0010.html | |
VMware | TKGI | 1.11-1.13 | Vulnerable | Potentially actively exploited | https://www.vmware.com/security/advisories/VMSA-2022-0010.html | |
Kofax | Kofax Communication Manager | Uses Spring Framework | Not Vulnerable | https://community.kofax.com/s/question/0D53m00006FG8NVCA1/communications-manager-release-announcements?language=en_US | ||
Kofax | Device Web Service | Uses Spring Framework | Not Vulnerable | https://community.kofax.com/s/question/0D53m00006w0My3CAE/controlsuite-release-announcements?language=en_US | ||
Kofax | Invoice Portal | Uses Spring Framework | Not vulnerable | https://community.kofax.com/s/question/0D53m00006FG8RtCAL/readsoft-release-announcements?language=en_US | ||
Kofax | RPA | Uses Spring Framework | Under investigation | https://community.kofax.com/s/question/0D53m00006FG8ThCAL/robotic-process-automation-release-announcements?language=en_US | ||
Kofax | MarkView | Uses Spring Framework | Not vulnerable | https://community.kofax.com/s/question/0D53m00006FG8QdCAL/markview-release-announcements | ||
Kofax | Printix | Uses Spring Framework | Not vulnerable | https://knowledge.kofax.com/General_Support/General_Troubleshooting/Kofax_products_and_Spring4Shell_vulnerability_information | ||
Kofax | SafeCom | Uses Spring Framework | Not vulnerable | https://knowledge.kofax.com/General_Support/General_Troubleshooting/Kofax_products_and_Spring4Shell_vulnerability_information | ||
Kofax | SignDoc | Uses Spring Framework | Under investigation | https://knowledge.kofax.com/General_Support/General_Troubleshooting/Kofax_products_and_Spring4Shell_vulnerability_information | ||
Kofax | Process Director for Accounts Payable | Uses Spring Framework | Not vulnerable | https://knowledge.kofax.com/General_Support/General_Troubleshooting/Kofax_products_and_Spring4Shell_vulnerability_information | ||
ZorgTTP | Encryptiedienst TRES | Not applicable | not vulnerable | https://www.zorgttp.nl/spring4shell-kwetsbaarheid-geen-impact-op-zorgttp-dienstverlening/ | ||
ZorgTTP | PVM | Uses Spring Framework | not vulnerable | https://www.zorgttp.nl/spring4shell-kwetsbaarheid-geen-impact-op-zorgttp-dienstverlening/ | ||
ZorgTTP | CMT | Uses Spring Framework | not vulnerable | https://www.zorgttp.nl/spring4shell-kwetsbaarheid-geen-impact-op-zorgttp-dienstverlening/ | ||
ZorgTTP | DRM | Uses Spring Framework | not vulnerable | https://www.zorgttp.nl/spring4shell-kwetsbaarheid-geen-impact-op-zorgttp-dienstverlening/ |