SAP Knowledge Base Article - Preview

3171178 - Spring Framework vulnerabilities do not affect SAP Data Services

Symptom

 
  • Is Data Services affected by Spring4Shell vulnerabilities?
    • CVE-2022-22950
    • CVE-2022-22965
    • CVE-2022-22970
    • CVE-2022-22971
  • CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+
  • A zero-day remote code execution (RCE) vulnerability has come to light in the Spring framework.
  • Spring is a software framework for building Java applications, including web apps on top of the Java EE (Enterprise Edition) platform.
  • Additional details of the flaw, dubbed "SpringShell" and "Spring4Shell," have been withheld to prevent exploitation attempts and until the framework's maintainers, Spring.io, a subsidiary of VMware, have a fix in place. It has also yet to be assigned a Common Vulnerabilities and Exposures (CVE) identifier.



Environment

SAP Data Services, SAP Data Services 4.x

Keywords

Spring4Shell, SAP Data Services, SAP BODS, CVE-2022-22965, KBA, EIM-DS-SVR, Administration/Server, Problem

About this page

This is a preview of an SAP Knowledge Base Article. The full version is available on SAP for Me (login required).
