Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000199089


DSA-2022-104: Dell EMC AppSync Security Update for a Spring ("Spring4Shell" or "SpringShell") Vulnerability

Summary: Dell EMC AppSync remediation is available for Spring that could be exploited by malicious users to compromise the affected system.

Article Content


Impact

Critical

Details

Third-Party Component CVE(s) More information
Spring-webmvc jar version 3.0.5 (Spring Framework) CVE-2022-22965 https://tanzu.vmware.com/security/cve-2022-22965
Third-Party Component CVE(s) More information
Spring-webmvc jar version 3.0.5 (Spring Framework) CVE-2022-22965 https://tanzu.vmware.com/security/cve-2022-22965
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product Affected Version(s) Updated Version(s) Link to Update
Dell EMC AppSync 4.2.0.0
including service pack releases
4.4.0.0 https://dl.dell.com/downloads/DL107581
4.3.0.0
including service pack releases
Product Affected Version(s) Updated Version(s) Link to Update
Dell EMC AppSync 4.2.0.0
including service pack releases
4.4.0.0 https://dl.dell.com/downloads/DL107581
4.3.0.0
including service pack releases

Workarounds and Mitigations

None.

Revision History

RevisionDateDescription
1.02022-05-02Initial Release

Related Information


Article Properties


Affected Product

AppSync, AppSync, Product Security Information

Last Published Date

02 May 2022

Version

1

Article Type

Dell Security Advisory