My Oracle Support Banner

Does SOA marketplace SOA/OSB has vulnerabiilty CVE-2022-22965? (Doc ID 3028711.1)

Last updated on JUNE 24, 2024

Applies to:

SOA on Marketplace - Version 12.2.1.4 and later
Information in this document applies to any platform.

Goal

On : NA version, Security

How do we fix spring vulnerability..?

Hi Team,

Our security team has flagged below spring jar files as vulnerable. Can you please help us fix the issues..?


Spring Framework Remote Code Execution (RCE) Vulnerability (Spring4Shell) Scan Utility
/u01/app/oracle/middleware/oracle_common/modules/thirdparty/spring-webflux-5.1.3.RELEASE.jar
 /u01/app/oracle/middleware/oracle_common/modules/thirdparty/spring-webmvc-5.1.3.RELEASE.jar
 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.