1.0.02: Patch 2

BMC Software is alerting users to the SpringShell/Spring4Shell vulnerability that requires immediate attention in BMC PATROL for Cloud Foundry 1.0.

A zero-day exploit for the vulnerability CVE-2022-22965 (code named Spring Shell or Spring4Shell) was publicly released on March 30, 2022.

Date: April 8, 2022

Issue

For a detailed description of the vulnerability (CVSS v3 rating: 9.8), see Spring4Shell Vulnerability.

Follow the BMC Security Advisory Note on BMC Community for continuous updates and details about this issue.

If you have any questions about the problem, contact BMC Support.

We recommend that you immediately apply the fix as described in this topic.

Resolution

This patch upgrades the following jars and removes the vulnerable jars:

| Earlier version    | Upgraded version   |
|--------------------|--------------------|
| spring-web-5.3.17  | spring-web-5.3.18  |
| spring-core-5.3.17 | spring-core-5.3.18 |


For BMC Helix Operations Management:

  1. Create a deployable package by using the 1.0.02 version.
  2. Deploy the patch on the PATROL Agent.

No changes are required to the existing monitor policies. If you want to create new monitor policies, use the 1.0.02 version.

For more information, see Creating deployable packages.


For TrueSight Operations Management:

Download and install the patch.

For more information, see Downloading the installation files.
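After the patch is deployed, one way to confirm that the upgraded jars are in place and that no earlier copies remain is to scan the installation directory by file name. The following is an added example, not BMC code; the directory layout in `build_sample_tree` is constructed, and the scan assumes the jars keep their standard `artifact-version.jar` file names.

```python
import os
import re
import tempfile

# Artifacts and upgraded version taken from the patch table on this page.
PATCHED = {"spring-web": (5, 3, 18), "spring-core": (5, 3, 18)}
JAR_RE = re.compile(r"^(spring-web|spring-core)-(\d+)\.(\d+)\.(\d+)(?:[.-][\w.]+)?\.jar$")


def audit_spring_jars(root):
    """Walk root and classify every spring-web / spring-core jar by file name.

    Returns a sorted list of (relative_path, artifact, version, status) where
    status is "stale" for versions older than the one this patch ships and
    "ok" otherwise. Renamed or repackaged jars are not detected.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            m = JAR_RE.match(name)
            if not m:
                continue  # e.g. spring-webmvc is not in the patch table
            artifact = m.group(1)
            version = tuple(int(x) for x in m.group(2, 3, 4))
            status = "stale" if version < PATCHED[artifact] else "ok"
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            findings.append((rel, artifact, ".".join(map(str, version)), status))
    return sorted(findings)


def stale_jars(root):
    """Paths that still need attention after the patch was deployed."""
    return [f[0] for f in audit_spring_jars(root) if f[3] == "stale"]


def build_sample_tree(root):
    """Constructed sample layout (not the product's real directory structure)."""
    for rel in ("lib/spring-web-5.3.18.jar", "lib/spring-core-5.3.18.jar",
                "backup/spring-core-5.3.17.jar", "lib/spring-webmvc-5.3.17.jar"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for row in audit_spring_jars(tmp):
            print(row)
```

To check a real host, call `audit_spring_jars` with the PATROL Agent installation directory; any path returned by `stale_jars` is a leftover copy older than 5.3.18.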


