Critical Severity

Security Bulletin: IBM Common Licensing is affected but not classified as vulnerable to a remote code execution in Spring Framework (220575, CVE-2022-22965)

IBM Common Licensing is affected but not classified as vulnerable to a remote code execution in Spring Framework (220575, CVE-2022-22965) as it does not meet all of the following criteria:

1. JDK 9 or higher
2. Apache Tomcat as the Servlet container
3. Packaged as WAR (in contrast to a Spring Boot executable jar)
4. spring-webmvc or spring-webflux dependency
5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions

IBM Common Licensing uses Spring Framework in the 5.3.0 to 5.3.17 and 5.2.0 to 5.2.19 version ranges and depends on spring-webmvc. The fix includes Spring 5.3.19.

CVE(s): CVE-2022-22965, IBM X-Force ID: 220575

Affected product(s) and affected version(s):

Affected Product(s)          Version(s)
IBM Common Licensing ART     8.1.6
IBM Common Licensing ART     9.0
IBM Common Licensing Agent   9.0

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6590823
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/223103
