Skip to content

Latest commit

 

History

History
159 lines (157 loc) · 19.9 KB

README.md

File metadata and controls

159 lines (157 loc) · 19.9 KB

Overview of software (un)affected by vulnerability

This page contains an overview of software (un)affected by the Spring4shell vulnerabilities. NCSC-NL and partners are attempting to maintain a list of all known vulnerable and not vulnerable software. Listed software is paired with specific information regarding which version contains the security fixes and which software still requires fixes. Please note that this vulnerability may also occur in custom software developed within your organisation. These occurrences are not registered in this overview.

Supplier Product Version Status Spring4shell Confirmed vulnerable / under investigation / not vulnerable Notes Links
Alphatron Medical Twiin gateways Not applicable Uses Spring Framework Under investigation
Atlassian Confluence Uses Spring Framework Not Vulnerable https://confluence.atlassian.com/kb/faq-for-cve-2022-22963-cve-2022-22965-1115149136.html
Atlassian Jira Uses Spring Framework Not Vulnerable https://confluence.atlassian.com/kb/faq-for-cve-2022-22963-cve-2022-22965-1115149136.html
Atlassian Bamboo Server and Data Center Uses Spring Framework Not Vulnerable https://confluence.atlassian.com/kb/faq-for-cve-2022-22963-cve-2022-22965-1115149136.html
Atlassian Bitbucket Server and Data Center Uses Spring Framework Not Vulnerable https://confluence.atlassian.com/kb/faq-for-cve-2022-22963-cve-2022-22965-1115149136.html
Atlassian Crowd Uses Spring Framework Not Vulnerable https://confluence.atlassian.com/kb/faq-for-cve-2022-22963-cve-2022-22965-1115149136.html
Atlassian Crucible Uses Spring Framework Not Vulnerable https://confluence.atlassian.com/kb/faq-for-cve-2022-22963-cve-2022-22965-1115149136.html
Atlassian Fisheye Uses Spring Framework Not Vulnerable https://confluence.atlassian.com/kb/faq-for-cve-2022-22963-cve-2022-22965-1115149136.html
Blueriq Blueriq Not applicable Vulnerable https://www.blueriq.com/actueel/maatregelen-cve22950-22963-22965
Cisco Multiple products Not applicable Under investigation https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67
Commvault Multiple products Not applicable Not Vulnerable https://documentation.commvault.com/v11/essential/146231_security_vulnerability_and_reporting.html#cv2022041-spring-framework
Extreme Networks VOSS Not applicable Not Vulnerable https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks SLX-OS Not applicable Not Vulnerable https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks Network OS Not applicable Not Vulnerable https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks Extreme Management Center (XMC) Not applicable Not Vulnerable https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks XIQ-SE Not applicable Not Vulnerable https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks NetIron OS Not applicable Not Vulnerable https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks ExtremeControl Not applicable Not Vulnerable https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks ExtremeConnect Not applicable Not Vulnerable https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks ExtremeAnalytics Not applicable Not Vulnerable https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks Fabric Manager Not applicable Not Vulnerable https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks Guest and IoT Manager (GIM) Not applicable Not Vulnerable https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks EXOS User Spring framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks BOSS Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks EOS (S/K/7100) Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks WiNG Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks NSight Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks ExtremeWireless Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks ExtremeCloud IQ Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks IQVA Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks VGVA Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks HiveManager Classic Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks IQEngine Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks ExtremeCloud A3 Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks Traffic Sensor Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks Extreme Campus Controller Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks Extreme AirDefense Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks ExtremeLocation Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks ExtremeGuest (On-Premises) Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks ExtremeGuest (Essentials) Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks Extreme Fabric Automation (EFA) Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks Extreme Visibility Manager (XVM) Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks Ipanema SD-WAN Orchestrator Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks Ipanema SALSA Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks Ipanema ip engine Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks 200-series Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
Extreme Networks ISW Uses Spring Framework Under investigation https://extremeportal.force.com/ExtrArticleDetail?an=000103717
F5 All product Not applicable Under investigation https://support.f5.com/csp/article/K11510688
F5 NGINX (all products) Not applicable Not Vulnerable https://support.f5.com/csp/article/K11510688
Fortinet FortiPortal Not applicable Under investigation https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiCASB Not applicable Under investigation https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiAnalyzer-BigData Not applicable Under investigation https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiEDR Not applicable Under investigation https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiSOAR Not applicable Under investigation https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiEdge Not applicable Under investigation https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiAIOps Not applicable Under investigation https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiLANCloud Not applicable Under investigation https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiPolicy Not applicable Under investigation https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiOS Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiManager Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiAnalyzer Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiIsolator Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiMail Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiNDR Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiClientWindows Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiClientLinux Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiClientMac Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiClientEMS Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiClientAndroid Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiADC Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiAuthenticator Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiAP Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiAP-C Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiAP-S Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiAP-U Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiAP-W2 Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiDeceptor Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiDDoS Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiDDoS-F Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiExtender Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiRecorder Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiSandbox Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiSIEM Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiTester Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiSwitch Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiVoiceEnterprise Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiWeb Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiWLC Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiWLM Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet Forticonnect Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiConverter Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiInsight Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiPentest Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiPlanner Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiPresence Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiAPCloud Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
Fortinet FortiNAC Not applicable Not Vulnerable https://fortiguard.fortinet.com/psirt/FG-IR-22-072
GeoServer Geoserver Uses Spring Framework Not Vulnerable https://geoserver.org/announcements/vulnerability/2022/04/01/spring.html
Okta Okta services Not applicable Not Vulnerable https://sec.okta.com/articles/2022/04/oktas-response-cve-2022-22965-spring4shell
Jamf Pro Uses Spring Framework Vulnerable https://community.jamf.com/t5/jamf-pro/spring4shell-vulnerability/td-p/262584
Jenkins Core and Plugins Not applicable Not Vulnerable https://www.jenkins.io/blog/2022/03/31/spring-rce-CVE-2022-22965/
Jenkins Infrastructure Not applicable Not Vulnerable https://www.jenkins.io/blog/2022/03/31/spring-rce-CVE-2022-22965/
McAfee ePolicy 5.x Not Vulnerable https://kc.mcafee.com/corporate/index?page=content&id=KB95454&locale=en_US
Microfocus Vertica Server Not applicable Not Vulnerable https://portal.microfocus.com/s/article/KM000005107?language=en_US
NetApp Multiple products Uses Spring Framework Under investigation https://security.netapp.com/advisory/ntap-20220331-0011/
NetApp Multiple products Uses Spring Framework Not Vulnerable https://security.netapp.com/advisory/ntap-20220331-0011/
PagerDuty Rundeck Uses Spring Framework Under investigation
Pulse Secure Ivanti Pulse Secure Not applicable Not Vulnerable https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB45126/?kA13Z000000L3sW
PTC WindChill PDMLink 11.1 M020 to 12.1.0.0 Uses Spring Framework Vulnerable https://www.ptc.com/en/support/article/cs366379?language=en&posno=1&q=CVE-2022-22965&source=search
PTC FlexPLM 11.1 M010 to 12.0.3.0 Uses Spring Framework Vulnerable https://www.ptc.com/en/support/article/cs366379?language=en&posno=1&q=CVE-2022-22965&source=search
Red Hat Descision Manager 7 Vulnerable https://access.redhat.com/security/cve/CVE-2022-22965
Red Hat JBoss A-MQ 6 6-7 Vulnerable https://access.redhat.com/security/cve/CVE-2022-22965
Red Hat JBoss Fuse 6 6-7 Vulnerable https://access.redhat.com/security/cve/CVE-2022-22965
Red Hat Process Automation 7 Vulnerable https://access.redhat.com/security/cve/CVE-2022-22965
Red Hat Virtualization 4 Vulnerable https://access.redhat.com/security/cve/CVE-2022-22965
Salesforce Tableau Server Uses Spring Framework Under investigation https://kb.tableau.com/articles/Issue/Spring4Shell-CVE-2022-22963-and-CVE-2022-22965
Servicenow ServiceNow instance or MID Uses Spring Framework Under investigation https://community.servicenow.com/community?id=community_question&sys_id=5530394edb2e8950e2adc2230596194f
Solarwinds Database Performance Analyzer (DPA) Uses Spring Framework Under investigation https://www.solarwinds.com/trust-center/security-advisories/spring4shell
Solarwinds Security Event Manager (SEM) Uses Spring Framework Under investigation https://www.solarwinds.com/trust-center/security-advisories/spring4shell
Solarwinds Web Help Desk (WHD) Uses Spring Framework Under investigation https://www.solarwinds.com/trust-center/security-advisories/spring4shell
Sonicwall Multiple products Not applicable Not Vulnerable https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005
Trend Micro All product Unknown Under investigation https://success.trendmicro.com/dcx/s/solution/000290730?language=en_US
Veritas Backup Exec Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas Desktop Laptop Option Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas Enterprise Vault Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas Enterprise Vault cloud Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas NetBackup Recovery Vault Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas NetBackup SaaS Protection Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas Merge1 Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas Quick Assist Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas Veritas Advanced Supervision Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas Veritas System Recovery Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas CloudPoint Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas Data Insight Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas eDiscovery Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas InfoScale VIOM Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas NetBackup Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas NetBackup IT Analytics (Previously APTARE) Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas NetBackup OpCenter Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
Veritas VRP Not applicable Not Vulnerable https://www.veritas.com/content/support/en_US/security/VTS22-006
VMware Tanzu Application Service for VMs 2.11-2.13 Vulnerable https://www.vmware.com/security/advisories/VMSA-2022-0010.html
VMware Tanzu Application Service 2.10 Vulnerable https://www.vmware.com/security/advisories/VMSA-2022-0010.html
VMware Tanzu Operations Manager 2.8-2.10 Vulnerable https://www.vmware.com/security/advisories/VMSA-2022-0010.html
VMware TKGI 1.11-1.13 Vulnerable https://www.vmware.com/security/advisories/VMSA-2022-0010.html
Kofax Kofax Communication Manager Uses Spring Framework Not Vulnerable https://community.kofax.com/s/question/0D53m00006FG8NVCA1/communications-manager-release-announcements?language=en_US
Kofax Device Web Service Uses Spring Framework Not Vulnerable https://community.kofax.com/s/question/0D53m00006w0My3CAE/controlsuite-release-announcements?language=en_US
Kofax Invoice Portal Uses Spring Framework Not vulnerable https://community.kofax.com/s/question/0D53m00006FG8RtCAL/readsoft-release-announcements?language=en_US
Kofax RPA Uses Spring Framework Under investigation https://community.kofax.com/s/question/0D53m00006FG8ThCAL/robotic-process-automation-release-announcements?language=en_US
Kofax MarkView Uses Spring Framework Not vulnerable https://community.kofax.com/s/question/0D53m00006FG8QdCAL/markview-release-announcements
Kofax Printix Uses Spring Framework Not vulnerable https://knowledge.kofax.com/General_Support/General_Troubleshooting/Kofax_products_and_Spring4Shell_vulnerability_information
Kofax SafeCom Uses Spring Framework Not vulnerable https://knowledge.kofax.com/General_Support/General_Troubleshooting/Kofax_products_and_Spring4Shell_vulnerability_information
Kofax SignDoc Uses Spring Framework Under investigation https://knowledge.kofax.com/General_Support/General_Troubleshooting/Kofax_products_and_Spring4Shell_vulnerability_information
Kofax Process Director for Accounts Payable Uses Spring Framework Not vulnerable https://knowledge.kofax.com/General_Support/General_Troubleshooting/Kofax_products_and_Spring4Shell_vulnerability_information