Apr 6, 2022•Knowledge Summary:On March 31, 2022, a vulnerability was discovered in Spring MVC and Spring WebFlux applications running on JDK 9+. This vulnerability was identified under CVE-2022-22965 (Spring4Shell). Overview and Impact:CVE-2022-22965 (Spring4Shell) is the designation for this vulnerability and affects Spring MVC (spring-webmvc) and Spring WebFlux (spring-webflux) when running on JDK 9 or above.NIOS and BloxOne products are not exploitable by this vulnerability. Confirmed Not Impacted NIOS and Bloxone products are not vulnerable. Under investigation: NETMRI product is still under investigation and Infoblox will update this KB as information becomes available. Workaround:No workaround needed for Infoblox NIOS and Bloxone product.Resolution:No action is required for NIOS or BloxOne products identified above.
Summary:On March 31, 2022, a vulnerability was discovered in Spring MVC and Spring WebFlux applications running on JDK 9+. This vulnerability was identified under CVE-2022-22965 (Spring4Shell). Overview and Impact:CVE-2022-22965 (Spring4Shell) is the designation for this vulnerability and affects Spring MVC (spring-webmvc) and Spring WebFlux (spring-webflux) when running on JDK 9 or above.NIOS and BloxOne products are not exploitable by this vulnerability. Confirmed Not Impacted NIOS and Bloxone products are not vulnerable. Under investigation: NETMRI product is still under investigation and Infoblox will update this KB as information becomes available. Workaround:No workaround needed for Infoblox NIOS and Bloxone product.Resolution:No action is required for NIOS or BloxOne products identified above.
