1.0.02: Patch 2
BMC Software is alerting users to the SpringShell/Spring4Shell vulnerability that requires immediate attention in BMC PATROL for Cloud Foundry 1.0.
A zero-day exploit for the vulnerability CVE-2022-22965 (code named Spring Shell or Spring4Shell) was publicly released on March 30, 2022.
Date: April 8, 2022
A detailed description of the vulnerability (CVSS v3 rating: 9.8) can be found here: .
Follow the on BMC Community for continuous updates and details about this issue.
If you have any questions about the problem, contact BMC Support.
We recommend that you immediately apply the fix as described in this topic.
This patch upgrades the following jars and removes the vulnerable jars:
|Earlier version||Upgraded version|
For BMC Helix Operations Management:
- Create a deployable package by using the 1.0.02 version.
- Deploy the patch on the PATROL Agent.
No changes are required to the existing monitor policies. If you want to create new monitor policies, use the 1.0.02 version.
For more information, see .
For TrueSight Operations Management:
Download and install the patch.
For more information, see Downloading the installation files