VMware Tanzu Application Service for VMs
VMware Tanzu Operations Manager
VMware Tanzu Kubernetes Grid Integrated Edition (TKGI)
A critical vulnerability in Spring Framework project identified by CVE-2022-22965 has been publicly disclosed which impacts VMware products.
Description
Multiple products impacted by remote code execution vulnerability (CVE-2022-22965).
Known Attack Vectors
A malicious actor with network access to an impacted VMware product may exploit this issue to gain full control of the target system.
Resolution
Fixes for CVE-2022-22965 are documented in the âFixed Versionâ column of the âResponse Matrixâ below.
Workarounds
Workarounds for CVE-2022-22965 are documented in the âWorkaroundsâ column of the âResponse Matrixâ below.
Additional Documentation
None.
Notes
Acknowledgements
None.