Spring4Shell Zero-Day Vulnerability – CVE-2022-22965 – Product Status

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2022-012 CVE-2022-22965 03/31/2022 low v2

Vulnerability details

This advisory provides status of all Stormshield products against the Spring4Shell Zero-Day Vulnerability – CVE-2022-22965

 

Product Impact Comment
Stormshield Network Security (SNS) Not Impacted The product does not include the JAVA Spring software component in any of its versions
Stormshield Data Security (SDS) Not Impacted The product does not include the JAVA Spring software component in any of its versions
Stormshield Endpoint Security (SES) Not Impacted The product does not include the JAVA Spring software component in any of its versions
Stormshield Management Center (SMC) Not Impacted The product does not include the JAVA Spring software component in any of its versions
Stormshield Visibility Center (SVC) Not Impacted The product does not include the JAVA Spring software component in any of its versions
Stormshield Log Supervisor (SLS) Not Impacted The product does not include the JAVA Spring software component in any of its versions
SNCM V1.6 Not Impacted The product does not include the JAVA Spring software component
SNCM V2.0 Not Impacted The product does not include the JAVA Spring software component
SSL VPN Client Not Impacted The product does not include the JAVA Spring software component in any of its versions
SSO Agent Not Impacted The product does not include the JAVA Spring software component in any of its versions
Certified IPSec Client Not Impacted The product does not include the JAVA Spring software component in any of its versions
SNS Python API Not Impacted The product does not include the JAVA Spring software component in any of its versions

Impacted products

ProductsSeverityDetail

Revisions

Version Date Description
v1 04/Apr/2022 Initial release
v2 06/Apr/2022 Update : Stormshield Log Supervisor (SLS) is not impacted
v3 19/Apr/2022 Update : SNCM v2 is not impacted.