Spring Framework RCE (SpringShell / Spring4Shell CVE-2022-22965)

Update from April 5, 2022

The Dynatrace team has finished the review of CVE-2022-22965 and also CVE-2022-22963:

  • None of the public-facing Dynatrace services are affected
  • None of the Dynatrace software components are affected

Update from April 1, 2022

The Dynatrace team is actively reviewing the recently published Spring Framework remote code execution vulnerability (CVE-2022-22965).

The vulnerable Spring Framework library is NOT part of any of the 3 Dynatrace components (version >= 1.175):

  • OneAgent not affected, vulnerable library not used
  • ActiveGate not affected, vulnerable library not used
  • Dynatrace Managed Cluster not affected, vulnerable library not used

Dynatrace Application Security continuously validates that any occurrence of the vulnerable Spring Framework library is rapidly detected and remediated on all production systems.

We will continue to assess the situation and provide further status updates on this page.

Notice

This document is provided on an “as is” basis, with no express or implied warranties. Some of the information provided may come from third parties. Your use of the information in the document or materials linked from the document is at your own risk. Dynatrace reserves the right to change or update this document without notice at any time. Dynatrace expects to update this document as new information becomes available.

Get article updates or report security vulnerabilities

Dynatrace takes a proactive approach in communicating security vulnerability information to customers. Learn more about Dynatrace security and our security policy. To report a security issue, email security@dynatrace.com.
