Question & Answer
Question
Security vulnerabilities have been recently identified regarding Spring Framework. These are very critical, known as CVE-2022-22965 and CVE-2022-22963.
Is IBM Workload Scheduler susceptible to these vulnerabilities?
Is IBM Workload Scheduler susceptible to these vulnerabilities?
Answer
IBM Workload Scheduler is not vulnerable to Spring4Shell vulnerabilities, and this is true for IWS for Distributed and IWS for z/OS.
Affected "Spring" jar files are not installed with the product in v10 and moreover IWS 9.x releases are also running JDK versions that don't allow the exploit (JDK 7 and 8).
[{"Type":"MASTER","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSGSPN","label":"IBM Workload Scheduler"},"ARM Category":[{"code":"a8m50000000KzZHAA0","label":"Security"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Product Synonym
TWS;TWA;IWA;IWS;IWSd;IWSz
Was this topic helpful?
Document Information
Modified date:
04 April 2022
UID
ibm16569215