1.0.02: Patch 2
BMC Software is alerting users to the SpringShell/Spring4Shell vulnerability that requires immediate attention in BMC PATROL for Cloud Foundry 1.0.
A zero-day exploit for the vulnerability CVE-2022-22965 (code named Spring Shell or Spring4Shell) was publicly released on March 30, 2022.
Date: April 8, 2022
Issue
A detailed description of the vulnerability (CVSS v3 rating: 9.8) can be found here: Spring4Shell Vulnerability.
Follow the BMC Security Advisory Note on BMC Community for continuous updates and details about this issue.
If you have any questions about the problem, contact BMC Support.
We recommend that you immediately apply the fix as described in this topic.
Resolution
This patch upgrades the following jars and removes the vulnerable jars:
Earlier version | Upgraded version |
---|---|
spring-web-5.3.17 | spring-web-5.3.18 |
spring-core-5.3.17 | spring-core-5.3.18 |
For BMC Helix Operations Management:
- Create a deployable package by using the 1.0.02 version.
- Deploy the patch on the PATROL Agent.
No changes are required to the existing monitor policies. If you want to create new monitor policies, use the 1.0.02 version.
For more information, see Creating deployable packages.
For TrueSight Operations Management:
Download and install the patch.
For more information, see Downloading the installation files.
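To confirm that the patch removed the vulnerable jars, the following added example (not BMC code) scans a directory tree for spring-web and spring-core jars older than 5.3.18, including copies bundled inside other archives. The function names and the sample tree are assumptions; in practice, pass the PATROL Agent installation directory to `find_stale_jars`.

```python
import os
import re
import tempfile
import zipfile

# Jar names and the target version come from the table in this topic.
PATCHED = (5, 3, 18)
JAR_RE = re.compile(r"(?:^|/)(spring-(?:web|core))-(\d+(?:\.\d+)*)[^/]*\.jar$")


def check_name(path):
    """Return (artifact, version) if path names a spring-web/spring-core jar older than PATCHED."""
    m = JAR_RE.search(path.replace(os.sep, "/"))
    if not m:
        return None
    version = tuple(int(part) for part in m.group(2).split("."))
    return (m.group(1), m.group(2)) if version < PATCHED else None


def find_stale_jars(root):
    """Walk root; report old jars on disk and old jars bundled inside other archives."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            hit = check_name(full)
            if hit:
                findings.append((full, *hit))
            # Spring jars are often nested in a war or fat jar, so look inside archives too.
            if name.endswith((".jar", ".war", ".ear")) and zipfile.is_zipfile(full):
                with zipfile.ZipFile(full) as zf:
                    for entry in zf.namelist():
                        hit = check_name(entry)
                        if hit:
                            findings.append((full + "!" + entry, *hit))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample tree standing in for an installation directory.
    with tempfile.TemporaryDirectory() as root:
        for jar in ("spring-web-5.3.18.jar", "spring-core-5.3.17.jar"):
            open(os.path.join(root, jar), "wb").close()
        with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as zf:
            zf.writestr("WEB-INF/lib/spring-web-5.3.17.jar", b"")
        for path, artifact, version in find_stale_jars(root):
            print(f"STALE {artifact} {version}: {path}")
```

An empty result means no spring-web or spring-core jar older than 5.3.18 was found by file name; jars that were renamed without a version in the name are not detected.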