VPLEX: Metro Node False Positive Security Vulnerabilities
Summary: This article provides a list of security vulnerabilities that cannot be exploited on Dell VPLEX GeoSynchrony 6.x SuSE Linux Enterprise Server (SLES) OS but which may be identified by security scanners. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Security Article Type
Security KB
CVE Identifier
The CVE IDs are listed in the table below.
Issue Summary
See the 'Recommendation' section below for details on each CVE.
Recommendations
The vulnerabilities listed in the table below are in order by the date on which VPLEX/Metro Node Engineering determined that the VPLEX GeoSynchrony and Metro Node OS SLES are not vulnerable.
| Embedded Component | CVE ID | Summary of Vulnerability | Reason why Product is not Vulnerable | Date Determined False Positive |
| Spring4Shell | CVE-2022-22963 | In Spring Cloud Function versions 3.1.6, 3.2.2, and earlier unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. | SUSE does not include the Spring framework in its products, so none of our products are affected by this issue. SUSE Bugzilla entry: 1197804 [RESOLVED / INVALID] |
January 10, 2022 |
| Spring4Shell | CVE-2022-22965 | A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) using data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, (the default), it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. | SUSE does not include the Spring framework in its products, so none of our products are affected by this issue. SUSE Bugzilla entry: 1197879 [RESOLVED / INVALID] |
January 10, 2022 |
Additional Information
Official guidance: (1) Spring RCEs CVE-2022-22963 & CVE-2022-22965 - Product and Application Security Knowledge Base - PAS Confluence (dell.com)
Related EE ticket:[VPLEX-43888] CVE-2022-22963 & CVE-2022-22965 Vulnerability Impact on VPLEX - ISG Jira (internal) (emc.com)
Related EE ticket:[VPLEX-43888] CVE-2022-22963 & CVE-2022-22965 Vulnerability Impact on VPLEX - ISG Jira (internal) (emc.com)
Legal Disclaimer
Affected Products
metro node mn-114, VPLEX Series, VPLEX VS2, VPLEX VS6Article Properties
Article Number: 000198111
Article Type: Security KB
Last Modified: 07 May 2025
Version: 2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.