Is Empower impacted by CVE-2022-22965 - Spring Java framework zero-day vulnerability? - WKB230892
Article number: 230892
ENVIRONMENT
- Empower
- Spring Java framework (Spring4Shell)
- CVE-2022-22965
ANSWER
No, Empower is not a Java-based application. Empower is not affected by CVE-2022-22965 - Spring Java framework zero-day vulnerability.
- WDM is the only Java-based component of Empower.
- WDM does not use Tomcat HTTP (web) server. (Tomcat web server is a prerequisite to exploit this CVE.)
ADDITIONAL INFORMATION
NVD - cve-2022-22965 (nist.gov)
id230892, EMP2LIC, EMP2OPT, EMP2SW, EMP3GC, EMP3LIC, EMP3OPT, EMP3SW, EMPGC, EMPGPC, EMPLIC, EMPOWER2, EMPOWER3, EMPSW, SUP