Spring Scan Analysis

Description

This is Community Content. When you use these solutions, it is incumbent on your organization to test any solutions provided across the broadest available system base including various OS, storage solutions, and application inventory.

Please see the Community Solution Testing Statement

This Analysis retrieves the results of a filesystem scan that attempts to detect Spring Framework versions that may be vulnerable to one of the following vulnerabilities reported in March 2022:

https://tanzu.vmware.com/security/cve-2022-22965

https://tanzu.vmware.com/security/cve-2022-22963

https://tanzu.vmware.com/security/cve-2022-22950

https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

This Analysis attempts to detect the presence and versions of Spring frameworks, without distinction between vulnerable or updated versions.  These results should be considered only a starting point in determining whether a system is actually vulnerable, along with other information such as the version of Java Virtual Machine and specific application or code configurations as referenced in the security bulletins above.


Property Details

ID: 2998672
Status: Alpha - Code that was just developed
Title: Spring Scan Analysis
Domain: BESC
Keywords: Spring, vulnerability, scan, cve-2022-22950, cve-2022-22963, cve-2022-22965
Added: 4/1/2022 2:11:07 PM
Last Modified: 4/1/2022 2:11:07 PM
Counters: 2039 Views / 55 Downloads

Properties

All Spring Detections
Period 30 minutes
(if exists property "locked lines" then locked lines of it else lines of it) whose (it does not start with "::") of files "Spring-scan.txt" of folders "Scans" of folders ((if (version of client >= "9" as version) then (pathname of parent folder of data folder of client) else (pathname of parent folder of parent folder of client folder of site "actionsite")))
Number of Spring Detections
Period 30 minutes
number of (if exists property "locked lines" then locked lines of it else lines of it) whose (it does not start with "::") of files "Spring-scan.txt" of folders "Scans" of folders ((if (version of client >= "9" as version) then (pathname of parent folder of data folder of client) else (pathname of parent folder of parent folder of client folder of site "actionsite")))
Unique Spring Versions Found
Period 30 minutes
unique values of (unique value of following texts of lasts "-" of preceding texts of lasts ".jar" of (it as lowercase) | "unknown") of lines whose (it does not start with "::") of files "Spring-scan.txt" of folders "Scans" of folders ((if (version of client >= "9" as version) then (pathname of parent folder of data folder of client) else (pathname of parent folder of parent folder of client folder of site "actionsite")))
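
The three properties above can be re-checked outside BigFix against a copy of Spring-scan.txt. The Python below is an added example, not part of the original Analysis: it mirrors the relevance logic (skip lines starting with "::", then take the text between the last "-" and the last ".jar" of the lowercased line, falling back to "unknown"). The one-path-per-line layout, the sample lines, and the function names are assumptions made for illustration.

```python
# Added example: reproduces the three analysis properties offline.
# Assumption: the scan file holds one jar path per line; the sample
# lines below are constructed, not real scan output.

SAMPLE_SCAN = "\n".join([
    ":: constructed header line, excluded by the analysis",
    "/opt/app/lib/spring-beans-5.3.17.jar",
    "/opt/app/lib/spring-core-5.3.17.jar",
    r"C:\legacy\lib\spring-web-5.2.19.RELEASE.jar",
    "/srv/tools/spring-webmvc.jar",      # no version in the file name
    "/srv/notes/spring-readme.txt",      # no ".jar" at all
])


def detection_lines(text):
    """'All Spring Detections': every line that does not start with '::'."""
    return [ln for ln in text.splitlines() if not ln.startswith("::")]


def version_of(line):
    """Text after the last '-' that precedes the last '.jar', lowercased.

    Returns 'unknown' when either marker is missing, matching the
    `| "unknown"` fallback in the relevance expression.
    """
    low = line.lower()
    jar = low.rfind(".jar")
    if jar == -1:
        return "unknown"
    stem = low[:jar]
    dash = stem.rfind("-")
    if dash == -1:
        return "unknown"
    return stem[dash + 1:]


def unique_versions(text):
    """'Unique Spring Versions Found': sorted distinct per-line results."""
    return sorted({version_of(ln) for ln in detection_lines(text)})


if __name__ == "__main__":
    print("Number of Spring Detections:", len(detection_lines(SAMPLE_SCAN)))
    for v in unique_versions(SAMPLE_SCAN):
        print("Version string:", v)
```

In this sample spring-webmvc.jar is reported as "webmvc" rather than "unknown": any "-" before ".jar" satisfies the expression, so the Unique Spring Versions Found property can return artifact-name fragments that need manual review.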

Relevance

Used in 33 fixlets and 17 analyses
if exists property "in proxy agent context" then not in proxy agent context else true
Used in 1 analysis
exists files "Spring-scan.txt" of folders "Scans" of folders ((if (version of client >= "9" as version) then (pathname of parent folder of data folder of client) else (pathname of parent folder of parent folder of client folder of site "actionsite")))
