Support Content Notification - Support Portal

BSA-2022-1768

Product/Component

Brocade Fabric OS

2 more products

Notification Id

21301

Last Updated

04 April 2022

Initial Publication Date

04 April 2022

Status

Closed

Severity

Critical

CVSS Base Score

9.8

WorkAround

N/A

Affected CVE

CVE-2022-22963

Summary

Security Advisory ID : BSA-2022-1768

Component : Spring Cloud

Revision : 1.0

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

More information at:

CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression
Spring4Shell: Security Analysis of the latest Java RCE '0-day' vulnerabilities in Spring

Affected Products

No Brocade Fibre Channel Products from Broadcom products are currently known to be affected by CVE-2022-22963.

Revision History

Version	Change	Date
1.0	Initial Publication	April 4, 2022