Spring4Shell Zero-Day Vulnerability – CVE-2022-22965 – Product Status
Vulnerability details
This advisory provides status of all Stormshield products against the Spring4Shell Zero-Day Vulnerability – CVE-2022-22965
| Product |
Impact |
Comment |
| Stormshield Network Security (SNS) |
Not Impacted |
The product does not include the JAVA Spring software component in any of its versions |
| Stormshield Data Security (SDS) |
Not Impacted |
The product does not include the JAVA Spring software component in any of its versions |
| Stormshield Endpoint Security (SES) |
Not Impacted |
The product does not include the JAVA Spring software component in any of its versions |
| Stormshield Management Center (SMC) |
Not Impacted |
The product does not include the JAVA Spring software component in any of its versions |
| Stormshield Visibility Center (SVC) |
Not Impacted |
The product does not include the JAVA Spring software component in any of its versions |
| Stormshield Log Supervisor (SLS) |
Not Impacted |
The product does not include the JAVA Spring software component in any of its versions |
| SNCM V1.6 |
Not Impacted |
The product does not include the JAVA Spring software component |
| SNCM V2.0 |
Not Impacted |
The product does not include the JAVA Spring software component |
| SSL VPN Client |
Not Impacted |
The product does not include the JAVA Spring software component in any of its versions |
| SSO Agent |
Not Impacted |
The product does not include the JAVA Spring software component in any of its versions |
| Certified IPSec Client |
Not Impacted |
The product does not include the JAVA Spring software component in any of its versions |
| SNS Python API |
Not Impacted |
The product does not include the JAVA Spring software component in any of its versions |
Impacted products
Revisions
| Version |
Date |
Description |
| v1 |
04/Apr/2022 |
Initial release |
| v2 |
06/Apr/2022 |
Update : Stormshield Log Supervisor (SLS) is not impacted |
| v3 |
19/Apr/2022 |
Update : SNCM v2 is not impacted. |
