As seen in the news recently, people went crazy after the CVE-2022-22965 proof-of-concept was leaked into the wild as a possible reminiscence of the Log4j threat. This time it affects the Spring framework widely used in the Java community and could allows to run some malicious code when the app is deployed as a WAR in Apache Tomcat.
How to tell if one of your software is potentially affected ? While you could assert of this issue by running a curl command, you can do much better using Dependency Track SaaS. Our solution will help you keep track of all the libraries used by the software you run in your company. Dashboards and configurable alerts will notify you immediately once a new security bulletin is published that affects your software.
How to detect if a specific vulnerability is affecting any of my software
Follow those easy steps:
- Open the list of vulnerabilities
- Search for a specific security bulletin using its CVE number, for example CVE-2022-22965 for the SpringShell vulnerability
- Open the bulletin details
- Select the “Affected Projects” tabs
Need more help, contact usContact us