Apr 6, 2022•Knowledge
Summary:
On March 31, 2022, a vulnerability was discovered in Spring MVC and Spring WebFlux applications running on JDK 9+. This vulnerability was identified under CVE-2022-22965 (Spring4Shell).
Overview and Impact:
CVE-2022-22965 (Spring4Shell) is the designation for this vulnerability and affects Spring MVC (spring-webmvc) and Spring WebFlux (spring-webflux) when running on JDK 9 or above.
NIOS and BloxOne products are not exploitable by this vulnerability.
Confirmed Not Impacted
No workaround needed for Infoblox NIOS and Bloxone product.
Resolution:
No action is required for NIOS or BloxOne products identified above.
On March 31, 2022, a vulnerability was discovered in Spring MVC and Spring WebFlux applications running on JDK 9+. This vulnerability was identified under CVE-2022-22965 (Spring4Shell).
Overview and Impact:
CVE-2022-22965 (Spring4Shell) is the designation for this vulnerability and affects Spring MVC (spring-webmvc) and Spring WebFlux (spring-webflux) when running on JDK 9 or above.
NIOS and BloxOne products are not exploitable by this vulnerability.
Confirmed Not Impacted
- NIOS and Bloxone products are not vulnerable.
- NETMRI product is still under investigation and Infoblox will update this KB as information becomes available.
No workaround needed for Infoblox NIOS and Bloxone product.
Resolution:
No action is required for NIOS or BloxOne products identified above.