You are curious whether your SAP NetWeaver Application Server Java system is affected by spring core remote code execution vulnerability exploited In the wild (SpringShell). See documentation: CVE-2022-22965.
- Vulnerability CVE-2022-22965
- How does this impact SAP Netweaver Application Server Java Core Components
- The AS Java Core Software Components are documented in KBA 1794179 Importing AS Java Core patches for NetWeaver 7.1 or higher
Affected Software and Versions / Existing proofs of concept (PoCs) for exploitation work under the following conditions:
- JDK 9 or higher
- Apache Tomcat as the Servlet container
- Packaged as a traditional WAR (in contrast to a Spring Boot executable jar)
- spring-webmvc or spring-webflux dependency
- Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions
KBA , BC-JAS-COR , Enterprise Runtime, Core J2EE Framework , BC-JAS-SEC , Security, User Management , BC-JVM , SAP Java Virtual Machine , Problem
About this pageThis is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).
Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.