Outbreak Alert: VMware Spring Cloud Function Remote Code Execution Vulnerability
| Field | Details |
|---|---|
| Description | This article describes how FortiDevSec detects the VMware Spring Cloud Function vulnerability. CVE-2022-22963 is a zero-day vulnerability discovered in the Spring Framework, an open-source, lightweight, Java-based application development framework for creating high-performance and easily testable code. The flaw can result in remote code execution, allowing an attacker to take full control of the target. |
| Scope | FortiDevSec SCA scanner updated in version 22.4.a. |
| Solution | Detection of the vulnerability is provided by the FortiDevSec Software Composition Analysis (SCA) scanner. By identifying the application's open-source software dependencies, the SCA scanner lets FortiDevSec assess with a high level of confidence whether the codebase is exposed to a specific vulnerability. The SCA scanner is enabled by default; once a scan of an application has run, the results appear under the Software Composition Analysis tab. A step-by-step guide to scanning an application is available in the user guide. For more details on mitigating the vulnerability with Fortinet products, refer to https://www.fortiguard.com/outbreak-alert/vmware-spring-cloud-function. |
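As an added illustration of the dependency-identification step the Solution describes (example code written here, not FortiDevSec's scanner), the block below performs a minimal SCA-style check: it parses a Maven pom.xml, resolves `${property}` version references, and flags declared dependencies whose version falls inside an affected range. The affected-version ranges and the sample pom.xml are constructed assumptions; the real affected versions must be taken from the FortiGuard alert linked above.

```python
import re
import xml.etree.ElementTree as ET
# Constructed placeholder ranges, NOT the real affected versions for CVE-2022-22963 (take
# those from the FortiGuard alert above); ranges because advisories fix several release lines.
ADVISORY = {("org.springframework.cloud", "spring-cloud-function-context"):
            [("3.1.0", "3.1.9"), ("3.2.0", "3.2.9")]}

def parse_version(v):
    """'3.2.1.RELEASE' -> (3, 2, 1); qualifiers ignored, missing parts padded with 0."""
    m = re.match(r"(\d+(?:\.\d+)*)", v.strip())
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))

def is_affected(version, ranges):
    """True if version lies in any [min_inclusive, max_exclusive) range."""
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in ranges)

def find_affected_dependencies(pom_xml, advisory=ADVISORY):
    """[(groupId, artifactId, version)] for declared dependencies inside an affected range.
    ${prop} versions are resolved from <properties>; unresolvable ones are reported UNRESOLVED."""
    def local(tag): return tag.rsplit("}", 1)[-1]  # strip the POM XML namespace
    root = ET.fromstring(pom_xml)
    props = {local(p.tag): (p.text or "").strip()
             for node in root.iter() if local(node.tag) == "properties" for p in node}
    findings = []
    for dep in (n for n in root.iter() if local(n.tag) == "dependency"):
        f = {local(c.tag): (c.text or "").strip() for c in dep}
        key = (f.get("groupId"), f.get("artifactId"))
        if key not in advisory:
            continue
        version = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)),
                         f.get("version", ""))
        if not version or "${" in version:  # parent/BOM-managed or unknown property: do not assume safe
            findings.append(key + ("UNRESOLVED",))
        elif is_affected(version, advisory[key]):
            findings.append(key + (version,))
    return findings

# Constructed sample pom.xml (not from any real project): version supplied via a property.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><scf.version>3.2.1</scf.version></properties>
  <dependencies><dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-function-context</artifactId>
    <version>${scf.version}</version>
  </dependency></dependencies>
</project>"""
```

Running `find_affected_dependencies(SAMPLE_POM)` returns the Spring Cloud Function dependency with its resolved version; an entry whose version cannot be resolved from the file alone is reported as UNRESOLVED so that it is reviewed rather than silently passed.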
