Spring4Shell Zero-Day Vulnerability – CVE-2022-22965 – Product Status
Vulnerability details
This advisory provides status of all Stormshield products against the Spring4Shell Zero-Day Vulnerability – CVE-2022-22965
Product |
Impact |
Comment |
Stormshield Network Security (SNS) |
Not Impacted |
The product does not include the JAVA Spring software component in any of its versions |
Stormshield Data Security (SDS) |
Not Impacted |
The product does not include the JAVA Spring software component in any of its versions |
Stormshield Endpoint Security (SES) |
Not Impacted |
The product does not include the JAVA Spring software component in any of its versions |
Stormshield Management Center (SMC) |
Not Impacted |
The product does not include the JAVA Spring software component in any of its versions |
Stormshield Visibility Center (SVC) |
Not Impacted |
The product does not include the JAVA Spring software component in any of its versions |
Stormshield Log Supervisor (SLS) |
Not Impacted |
The product does not include the JAVA Spring software component in any of its versions |
SNCM V1.6 |
Not Impacted |
The product does not include the JAVA Spring software component |
SNCM V2.0 |
Not Impacted |
The product does not include the JAVA Spring software component |
SSL VPN Client |
Not Impacted |
The product does not include the JAVA Spring software component in any of its versions |
SSO Agent |
Not Impacted |
The product does not include the JAVA Spring software component in any of its versions |
Certified IPSec Client |
Not Impacted |
The product does not include the JAVA Spring software component in any of its versions |
SNS Python API |
Not Impacted |
The product does not include the JAVA Spring software component in any of its versions |
Impacted products
Revisions
Version |
Date |
Description |
v1 |
04/Apr/2022 |
Initial release |
v2 |
06/Apr/2022 |
Update : Stormshield Log Supervisor (SLS) is not impacted |
v3 |
19/Apr/2022 |
Update : SNCM v2 is not impacted. |