Description |
This article describes how FortiDevSec detects the VMware Spring Cloud Function vulnerability.
CVE-2022-22963 is a zero-day vulnerability discovered in the Spring Framework, an open-source, lightweight Java-based application development framework for creating high-performing and easily testable code. This zero-day can result in remote code execution, allowing an attacker to gain full control of the target. |
Scope |
FortiDevSec SCA scanner updated in version 22.4.a. |
Solution |
Detection of the vulnerability is provided by the FortiDevSec Software Composition Analysis (SCA) scanner.
By identifying the open-source software dependencies of an application, this technology enables FortiDevSec to assess with a high level of confidence whether the application codebase is affected by a specific vulnerability.
The SCA scanner is enabled by default. Once the scan is performed on an application, the result appears under the Software Composition Analysis tab.
A step-by-step guide on how to scan your application is available in the user guide.
For more details regarding mitigating the vulnerability by utilizing Fortinet products, refer to https://www.fortiguard.com/outbreak-alert/vmware-spring-cloud-function. |
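The dependency-matching idea behind an SCA check, as an added example that is not FortiDevSec's scanner or code from this article: it reads a Maven `pom.xml`, finds Spring Cloud Function artifacts and compares their versions with an advisory's fixed version. The sample POM, its version numbers and the `fixed_in` value are constructed placeholders; take the real fixed version from the vendor advisory.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# fixed_in is a constructed PLACEHOLDER; use the vendor advisory's value.
ADVISORY = {"cve": "CVE-2022-22963", "group": "org.springframework.cloud",
            "artifact_prefix": "spring-cloud-function", "fixed_in": "2.0.0"}
# Constructed sample POM (version numbers are illustrative only).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><scf.version>1.4.2</scf.version></properties>
  <dependencies>
    <dependency><groupId>org.springframework.cloud</groupId>
      <artifactId>spring-cloud-function-context</artifactId>
      <version>${scf.version}</version></dependency>
    <dependency><groupId>org.springframework.cloud</groupId>
      <artifactId>spring-cloud-function-web</artifactId></dependency>
    <dependency><groupId>com.example</groupId>
      <artifactId>unrelated-lib</artifactId><version>5.0.0</version></dependency>
  </dependencies>
</project>"""

def version_key(version):
    """Numeric sort key: '3.10.0.RELEASE' -> (3, 10, 0, 0)."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    return tuple((parts + [0, 0, 0, 0])[:4])

def scan_pom(pom_text, advisory=ADVISORY):
    """Return (artifactId, version, status) for each matching dependency."""
    root = ET.fromstring(pom_text)
    props = {p.tag.split("}")[1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    findings = []
    for dep in root.findall(".//m:dependency", NS):
        artifact = dep.findtext("m:artifactId", "", NS).strip()
        if (dep.findtext("m:groupId", "", NS).strip() != advisory["group"]
                or not artifact.startswith(advisory["artifact_prefix"])):
            continue
        raw = dep.findtext("m:version", "", NS).strip()
        if raw.startswith("${") and raw.endswith("}"):
            raw = props.get(raw[2:-1], "")  # resolve ${property} references
        if not raw:  # inherited from parent POM/BOM: report, never assume safe
            status = "unresolved"
        else:
            older = version_key(raw) < version_key(advisory["fixed_in"])
            status = "vulnerable" if older else "ok"
        findings.append((artifact, raw or None, status))
    return findings
```

A dependency reported as `unresolved` takes its version from a parent POM or BOM, so it needs the resolved dependency tree before it can be cleared.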
Copyright 2023 Fortinet, Inc. All Rights Reserved.