Subscribe

VMware Release Security Updates To Fix Spring4Shell RCE Flaw

VMware has released security updates to fix the critical remote code execution (RCE) flaw known as Spring4Shell.

The bug affects several of the company’s cloud computing and virtualisation products.

The bug, which is tracked as CVE-2022-22965, was found in the Spring Core Java framework and can be exploited without authentication.

The vulnerability has a severity of 9.8 out of 10. This means that it could be used by any malicious actor to gain access to vulnerable applications.

It can then be used to execute arbitrary commands and take complete control of a target system.

Affected products include VMware Tanzu Application Service for VMs (versions 2.10 to 2.13), VMware Tanzu Operations Manager (versions 2.8 to 2.9), and VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) versions 1.11 to 1.13.

Security updates are available for the first two products that cover multiple release branches with point releases, but a permanent fix for VMware Tanzu Kubernetes Grid Integrated Edition is still in the works.

For products without a permanent solution, VMware has provided a workaround that allows users to bypass the bug.

For more, read the original story in BleepingComputer.

Top Stories

Toyota confirms leak of 240GB of sensitive data in recent hack

Former Google CEO Eric Schmidt makes controversial comments

Study finds 94% of spreadsheets have critical errrors

Study says 94% of spreadsheets contain critical errors

Elon Musk claims DDoS attack caused issues in live-streamed interview with Trump – experts are skeptical

Google anti-trust ruling a financial disaster for Firefox

Related Articles

Europe Seeks Alternatives to U.S. Cloud Providers Amid Sovereignty Concerns

March 26, 2025 European nations and companies are actively pursuing alternatives to U.S.-based cloud service providers, driven by concerns over data more...

Google Confirms Data Deletion Error in Drive and Photos

March 23, 2025 Google has admitted to a technical error that caused some users’ files to be accidentally and permanently deleted more...

AWS claims its competition is “repatriation” with customers returning to on-premises infrastructure

September 18, 2024 In a surprising turn of events, cloud giant Amazon Web Services (AWS) is now claiming that it faces more...

Target’s new AI is aimed at employees

June 20, 2024 Target is introducing a new generative artificial intelligence tool aimed at enhancing the efficiency of its store employees more...

Jim Love

Jim Is and author and pud cast host with over 40 years in technology.

Share:
X/Twitter
Linkedin
Blue Sky
Tech News Day is a daily publication featuring key news stories about technology and how it affects businesses.

Follow Us

X-twitter Linkedin-in

Popular categories

Tech News Delivered

New, Relevant Tech Stories. Our selection is done by industry professionals – executives like you who pick the top stories for that day. Our writers summarize them to give you the key takeaways.
Subscribe
© 2025 TECHNEWSDAY. All rights reserved.