What are you looking for?
Security Advisory: Spring Framework Vulnerabilities
CVE-2022-22963, CVE-2022-22965
Updated: April 20, 2022
In late March 2022, Spring announced two vulnerabilities within the Spring Framework and Spring Cloud Function. On March 29, 2022, the Spring Cloud Expression Resource Access Vulnerability tracked in CVE-2022-22963 was patched with the release of Spring Cloud Function 3.1.7 and 3.2.3. Two days later on March 31, 2022, Spring released version 5.3.18 and 5.2.20 of Spring Framework to patch another more severe vulnerability tracked in CVE-2022-22965.
Keysight has assessed our product portfolio and determined that only the products below are potentially impacted1. Details and appropriate mitigation information can be found in the following table.
Product | Mitigation |
---|---|
Network Emulator II | Visit Ixia Security Advisory |
Network Emulator 100G+ | Visit Ixia Security Advisory |
5G UE Emulation based on Prisma | Visit Ixia Security Advisory |
IxLoad tG (DuSIM) | Visit Ixia Security Advisory |
RuSIM, UeSIM | Visit Ixia Security Advisory |
For additional questions, please contact Keysight.
1 Keysight used commercially reasonable efforts to compile the list of products affected by the Spring Framework vulnerabilities. Keysight offers this information for your convenience and does not warrant it is complete
Want help or have questions?