VMware Releases Security Updates To Fix Spring4Shell RCE Flaw

April 5, 2022

VMware has released security updates to fix the critical remote code execution (RCE) flaw known as Spring4Shell.

The bug affects several of the company’s cloud computing and virtualisation products.

The bug, which is tracked as CVE-2022-22965, was found in the Spring Core Java framework and can be exploited without authentication.

The vulnerability has a severity score of 9.8 out of 10, meaning any malicious actor could use it to gain access to vulnerable applications.

It can then be used to execute arbitrary commands and take complete control of a target system.

Affected products include VMware Tanzu Application Service for VMs (versions 2.10 to 2.13), VMware Tanzu Operations Manager (versions 2.8 to 2.9), and VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) versions 1.11 to 1.13.

Security updates are available for the first two products that cover multiple release branches with point releases, but a permanent fix for VMware Tanzu Kubernetes Grid Integrated Edition is still in the works.

For products without a permanent fix, VMware has provided a workaround that mitigates the bug.

For more, read the original story in BleepingComputer.

Jim Love

Jim is an author and podcast host with over 40 years in technology.
