Critical Severity

Security Bulletin: IBM Tivoli Monitoring is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

IBM Tivoli Monitoring is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) because it does not meet all of the following criteria:

1. JDK 9 or higher
2. Apache Tomcat as the Servlet container
3. Packaged as WAR (in contrast to a Spring Boot executable jar)
4. spring-webmvc or spring-webflux dependency
5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions

The Tivoli Enterprise Portal Server (CQ) component includes Spring but does not use it. The fix removes Spring from the product.

CVE(s): CVE-2022-22965

Affected product(s) and affected version(s):

Affected Product(s) | Version(s)
IBM Tivoli Monitoring | 6.3.0 – 6.3.0.7 (up to 6.3.0.7 Service pack 10)

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6587154
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/223103
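
The five criteria listed above can be evaluated against a deployment inventory. The following Python is an added example, not IBM's or Spring's code; the function names, the jar-name pattern and the sample inventory are assumptions made for illustration, and it assumes the spring-webmvc or spring-webflux jar file name carries the Spring Framework version.

```python
import re

# Affected ranges exactly as listed in the bulletin; below 5.2.0 counts as "older versions".
AFFECTED_RANGES = [((5, 3, 0), (5, 3, 17)), ((5, 2, 0), (5, 2, 19))]
# Assumption: jars are named <artifact>-<major>.<minor>.<patch>[.QUALIFIER].jar
JAR_RE = re.compile(r"^(spring-(?:webmvc|webflux))-(\d+)\.(\d+)\.(\d+)(?:[.-][A-Za-z0-9]+)*\.jar$")
# Constructed sample inventory (not taken from any IBM product).
SAMPLE_JARS = ["spring-webmvc-5.3.17.jar", "spring-webflux-5.2.20.RELEASE.jar",
               "spring-core-5.3.17.jar", "spring-webmvc-4.3.30.RELEASE.jar"]

def spring_version_affected(version):
    """True if a (major, minor, patch) tuple is in the bulletin's affected set."""
    if version < (5, 2, 0):
        return True
    return any(lo <= version <= hi for lo, hi in AFFECTED_RANGES)

def java_major(version_string):
    """Map java.version strings to a major number: '1.8.0_311' -> 8, '11.0.14' -> 11."""
    parts = re.split(r"[._+-]", version_string)
    major = int(parts[0])
    return int(parts[1]) if major == 1 and len(parts) > 1 else major

def affected_spring_jars(jar_names):
    """Return {jar name: version} for spring-webmvc/webflux jars in an affected version."""
    hits = {}
    for name in jar_names:
        m = JAR_RE.match(name)
        if m:
            version = tuple(int(x) for x in m.groups()[1:])
            if spring_version_affected(version):
                hits[name] = version
    return hits

def assess(java_version, container, packaging, jar_names):
    """Evaluate the bulletin's criteria; all must hold to count as vulnerable."""
    jars = affected_spring_jars(jar_names)
    criteria = {
        "jdk9_or_higher": java_major(java_version) >= 9,
        "tomcat_container": container.lower() == "tomcat",
        "war_packaging": packaging.lower() == "war",
        "affected_webmvc_or_webflux": bool(jars),  # criteria 4 and 5 together
    }
    return all(criteria.values()), criteria, jars

if __name__ == "__main__":
    print(assess("1.8.0_311", "tomcat", "war", SAMPLE_JARS))
```

A result of `False` means only that the bulletin's five criteria are not all met; the bulletin's fix for IBM Tivoli Monitoring is still to remove Spring from the product.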
