{ "document": { "acknowledgments": [ { "summary": "This vulnerability was publicly disclosed by VMware on March 31, 2022." } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "notes": [ { "category": "summary", "title": "Summary", "text": "On March 31, 2022, the following critical vulnerability in the Spring Framework affecting Spring MVC and Spring WebFlux applications running on JDK 9+ was released:\r\n\r\n CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+\r\n\r\nFor a description of this vulnerability, see VMware Spring Framework Security Vulnerability Report [\"https://tanzu.vmware.com/security/cve-2022-22965\"].\r\n\r\n" }, { "category": "general", "title": "Affected Products", "text": "Cisco investigated its product line to determine which products may be affected by this vulnerability.\r\n\r\nThe Vulnerable Products [\"#vp\"] section includes Cisco bug IDs for each affected product. The bugs are accessible through the Cisco Bug Search Tool [\"https://bst.cloudapps.cisco.com/bugsearch/bug/BUGID\"] and contain additional platform-specific information, including workarounds (if available) and fixed software releases.\r\n\r\nAny product not listed in the Affected Products section of this advisory is to be considered not vulnerable." }, { "category": "general", "title": "Vulnerable Products", "text": "Cisco investigated its product line to determine which products may be affected by this vulnerability.\r\n\r\nThe following table lists Cisco products that are affected by the vulnerability that is described in this advisory. If a future release date is indicated for software, the date provided represents an estimate based on all information known to Cisco as of the Last Updated date at the top of the advisory. Availability dates are subject to change based on a number of factors, including satisfactory testing results and delivery of other priority features and fixes. Customers should refer to the associated Cisco bug(s) for further details.\r\n Product Cisco Bug ID Fixed Release Availability [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"] Endpoint Clients and Client Software Cisco CX Cloud Agent Software CSCwb41735 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb41735\"] 2.0 (Available) Network Management and Provisioning Cisco Automated Subsea Tuning CSCwb43658 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43658\"] 2.1.0 (31 May 2022) Cisco Crosswork Network Controller CSCwb43703 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43703\"] 3.0.2 (Available)\r\n2.0.2 (Available) Cisco Crosswork Optimization Engine CSCwb43709 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43709\"] 3.1.1 (Available)\r\n2.1.1 (Available) Cisco Crosswork Zero Touch Provisioning (ZTP) CSCwb43706 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43706\"] 3.0.2 (Available)\r\n2.0.2 (Available) Cisco DNA Center CSCwb43650 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43650\"] 2.3.3.3 (17 Jun 2022)\r\n2.2.3.6 (6 Jun 2022)\r\n2.2.2.9 (6 Jun 2022) Cisco Evolved Programmable Network Manager CSCwb43643 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43643\"] 6.0.1.1 (Available)\r\n5.1.4.1 (Available)\r\n5.0.2.3 (Available) Cisco Managed Services Accelerator (MSX) CSCwb43667 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43667\"] 4.2.3 (Available) Cisco Optical Network Planner CSCwb43691 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43691\"] 4.2 (31 May 2022)\r\n5.0 (30 Aug 2022) Cisco WAN Automation Engine (WAE) Live CSCwb43708 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43708\"] 7.5.2.1 (Available)\r\n7.4.0.2 (Available)\r\n7.3.0.3 (Available) Cisco WAN Automation Engine (WAE) CSCwb43708 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43708\"] 7.5.2.1 (Available)\r\n7.4.0.2 (Available)\r\n7.3.0.3 (Available) Data Center Network Manager (DCNM) CSCwb43637 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43637\"] 11.5.4 (Available) Nexus Dashboard Fabric Controller (NDFC) CSCwb43637 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43637\"] 12.1.1 (30 Jun 2022) Routing and Switching - Enterprise and Service Provider Cisco Optical Network Controller CSCwb43692 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43692\"] 2.0 (31 May 2022) Cisco Software-Defined AVC (SD-AVC) CSCwb43727 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43727\"] 4.3.1 (30 July 2022)\r\n4.4.0 (30 Nov 2022) Voice and Unified Communications Devices Cisco Enterprise Chat and Email CSCwb45202 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb45202\"] 11.6 - Not vulnerable.\r\n12.0 (6 Jun 2022)\r\n12.5 (6 Jun 2022)\r\n12.6 ES2 (6 Jun 2022) Video, Streaming, TelePresence, and Transcoding Devices Cisco Meeting Server CSCwb43662 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43662\"] 3.5.0 (Available)\r\n3.4.2 (31 May 2022)\r\n3.3.3 (17 Jun 2022)" }, { "category": "general", "title": "Products Confirmed Not Vulnerable", "text": "Cisco investigated its product line to determine which products may be affected by this vulnerability.\r\n\r\nAny product not listed in the Affected Products section of this advisory is to be considered not vulnerable.\r\n\r\nCisco has confirmed that this vulnerability does not affect the following Cisco products:\r\n\r\nCable Devices\r\n\r\nCisco Continuous Deployment and Automation Framework\r\nCisco Prime Cable Provisioning\r\n\r\nCollaboration and Social Media\r\n\r\nCisco SocialMiner\r\nCisco Webex App, formerly Cisco Webex Teams\r\nCisco Webex Meetings Server\r\n\r\nNetwork Application, Service, and Acceleration\r\n\r\nCisco Wide Area Application Services (WAAS)\r\n\r\nNetwork and Content Security Devices\r\n\r\nCisco Adaptive Security Appliance (ASA) Software\r\nCisco Firepower Device Manager (FDM)\r\nCisco Firepower Management Center (FMC) Software\r\nCisco Firepower System Software\r\nCisco Identity Services Engine (ISE)\r\nCisco Secure Email Gateway, formerly Email Security Appliance (ESA)\r\nCisco Secure Email and Web Manager, formerly Cisco Content Security Management Appliance (SMA)\r\nCisco Secure Network Analytics, formerly Cisco Stealthwatch\r\nCisco Security Manager\r\nCisco Umbrella Active Directory (AD) Connector\r\nCisco Umbrella Roaming Clients\r\nCisco Umbrella Virtual Appliance\r\n\r\nNetwork Management and Provisioning\r\n\r\nCisco Application Policy Infrastructure Controller (APIC)\r\nCisco Business Process Automation\r\nCisco CloudCenter Action Orchestrator\r\nCisco CloudCenter Cost Optimizer\r\nCisco CloudCenter Suite Admin\r\nCisco CloudCenter Workload Manager\r\nCisco CloudCenter\r\nCisco Collaboration Audit and Assessments\r\nCisco Common Services Platform Collector (CSPC)\r\nCisco Connected Mobile Experiences\r\nCisco Connected Pharma\r\nCisco Crosswork Change Automation\r\nCisco Crosswork Data Gateway\r\nCisco Crosswork Network Automation\r\nCisco Crosswork Situation Manager\r\nCisco Elastic Services Controller (ESC)\r\nCisco Extensible Network Controller (XNC)\r\nCisco Intelligent Node (iNode) Manager\r\nCisco IoT Field Network Director, formerly Cisco Connected Grid Network Management System\r\nCisco NCS 2000 Shelf Virtualization Orchestrator (SVO)\r\nCisco Network Change and Configuration Management\r\nCisco Network Insights for Data Center\r\nCisco Nexus Dashboard Data Broker, formerly Cisco Nexus Data Broker\r\nCisco Nexus Dashboard, formerly Cisco Application Services Engine\r\nCisco Nexus Insights\r\nCisco Policy Suite for Mobile\r\nCisco Policy Suite\r\nCisco Prime Performance Manager\r\nCisco Smart PHY\r\nCisco ThousandEyes Endpoint Agent\r\nCisco ThousandEyes Enterprise Agent\r\nCisco Virtual Topology System - Virtual Topology Controller (VTC) VM\r\n\r\nRouting and Switching - Enterprise and Service Provider\r\n\r\nCisco ACI HTML5 vCenter Plug-in\r\nCisco ASR 5000 Series Routers\r\nCisco Enterprise NFV Infrastructure Software (NFVIS)\r\nCisco GGSN Gateway GPRS Support Node\r\nCisco IOx Fog Director\r\nCisco IP Services Gateway (IPSG)\r\nCisco MME Mobility Management Entity\r\nCisco Mobility Unified Reporting and Analytics System\r\nCisco Network Convergence System 2000 Series\r\nCisco ONS 15454 Series Multiservice Provisioning Platforms\r\nCisco PDSN/HA Packet Data Serving Node and Home Agent\r\nCisco PGW Packet Data Network Gateway\r\nCisco SD-WAN vManage\r\nCisco System Architecture Evolution Gateway (SAEGW)\r\nCisco Ultra Packet Core\r\nCisco Ultra Services Platform\r\n\r\nRouting and Switching - Small Business\r\n\r\nCisco Business Dashboard\r\n\r\nUnified Computing\r\n\r\nCisco HyperFlex\r\n\r\nVoice and Unified Communications Devices\r\n\r\nCisco BroadWorks\r\nCisco Cloud Connect\r\nCisco Emergency Responder\r\nCisco Packaged Contact Center Enterprise\r\nCisco Unified Attendant Console Advanced\r\nCisco Unified Attendant Console Business Edition\r\nCisco Unified Attendant Console Department Edition\r\nCisco Unified Attendant Console Enterprise Edition\r\nCisco Unified Attendant Console Premium Edition\r\nCisco Unified Communications Manager IM & Presence Service\r\nCisco Unified Communications Manager Session Management Edition\r\nCisco Unified Communications Manager\r\nCisco Unified Contact Center Enterprise\r\nCisco Unified Contact Center Express\r\nCisco Unified Customer Voice Portal\r\nCisco Unified Intelligence Center\r\nCisco Unity Connection\r\nCisco Virtualized Voice Browser\r\n\r\nVideo, Streaming, TelePresence, and Transcoding Devices\r\n\r\nCisco Expressway Series\r\nCisco TelePresence Integrator C Series\r\nCisco TelePresence MX Series\r\nCisco TelePresence Management Suite Provisioning Extensions\r\nCisco TelePresence Management Suite\r\nCisco TelePresence Precision Cameras\r\nCisco TelePresence Profile Series\r\nCisco TelePresence SX Series\r\nCisco TelePresence System EX Series\r\nCisco TelePresence Video Communication Server (VCS)\r\nCisco Touch\r\nCisco Video Surveillance Operations Manager\r\nCisco Vision Dynamic Signage Director\r\nCisco Webex Board Series\r\nCisco Webex Desk Series\r\nCisco Webex Room Navigator\r\nCisco Webex Room Series\r\n\r\nWireless\r\n\r\nCisco Ultra Cloud Core - Access and Mobility Management Function\r\nCisco Ultra Cloud Core - Network Repository Function\r\nCisco Ultra Cloud Core - Policy Control Function\r\nCisco Ultra Cloud Core - Redundancy Configuration Manager\r\nCisco Ultra Cloud Core - Session Management Function\r\nCisco Ultra Cloud Core - Subscriber Microservices Infrastructure\r\n\r\nCisco Cloud Hosted Services\r\n\r\nCisco BroadCloud\r\nCisco Industrial Asset Vision\r\nCisco IoT Control Center\r\nCisco IoT Operations Dashboard (IOTOC)\r\nCisco Kinetic for Cities\r\nCisco Registered Envelope Service\r\nCisco Smart Collector - Lifecycle Management\r\nCisco Umbrella\r\nCisco Unified Communications Manager Cloud\r\nCisco Webex Cloud-Connected UC (CCUC)" }, { "category": "general", "title": "Workarounds", "text": "Any workarounds will be documented in the product-specific Cisco bugs, which are identified in the Vulnerable Products section of this advisory." }, { "category": "general", "title": "Fixed Software", "text": "For information about fixed software releases, consult the Cisco bugs identified in the Vulnerable Products [\"#vp\"] section of this advisory.\r\n\r\nWhen considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers." }, { "category": "general", "title": "Vulnerability Policy", "text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco." }, { "category": "general", "title": "Exploitation and Public Announcements", "text": "The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory." }, { "category": "general", "title": "Source", "text": "This vulnerability was publicly disclosed by VMware on March 31, 2022." }, { "category": "legal_disclaimer", "title": "Legal Disclaimer", "text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products." } ], "publisher": { "category": "vendor", "contact_details": "psirt@cisco.com", "issuing_authority": "Cisco PSIRT", "name": "Cisco", "namespace": "https://wwww.cisco.com" }, "references": [ { "category": "self", "summary": "Vulnerability in Spring Framework Affecting Cisco Products: March 2022", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67" }, { "category": "external", "summary": "Cisco Security Vulnerability Policy", "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html" }, { "category": "external", "summary": "VMware Spring Framework Security Vulnerability Report", "url": "https://tanzu.vmware.com/security/cve-2022-22965" }, { "category": "external", "summary": "Cisco Bug Search Tool", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/BUGID" }, { "category": "external", "summary": "Fixed Release Availability", "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes" }, { "category": "external", "summary": "CSCwb41735", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb41735" }, { "category": "external", "summary": "CSCwb43658", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43658" }, { "category": "external", "summary": "CSCwb43703", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43703" }, { "category": "external", "summary": "CSCwb43709", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43709" }, { "category": "external", "summary": "CSCwb43706", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43706" }, { "category": "external", "summary": "CSCwb43650", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43650" }, { "category": "external", "summary": "CSCwb43643", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43643" }, { "category": "external", "summary": "CSCwb43667", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43667" }, { "category": "external", "summary": "CSCwb43691", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43691" }, { "category": "external", "summary": "CSCwb43708", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43708" }, { "category": "external", "summary": "CSCwb43637", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43637" }, { "category": "external", "summary": "CSCwb43692", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43692" }, { "category": "external", "summary": "CSCwb43727", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43727" }, { "category": "external", "summary": "CSCwb45202", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb45202" }, { "category": "external", "summary": "CSCwb43662", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43662" }, { "category": "external", "summary": "Security Vulnerability Policy", "url": "http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html" } ], "title": "Vulnerability in Spring Framework Affecting Cisco Products: March 2022", "tracking": { "current_release_date": "2023-02-09T15:14:14+00:00", "generator": { "date": "2025-10-13T15:42:52+00:00", "engine": { "name": "TVCE" } }, "id": "cisco-sa-java-spring-rce-Zx9GUc67", "initial_release_date": "2022-04-01T23:45:00+00:00", "revision_history": [ { "date": "2022-04-02T00:37:17+00:00", "number": "1.0.0", "summary": "Initial public release." }, { "date": "2022-04-04T21:57:16+00:00", "number": "1.1.0", "summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2022-04-05T17:43:30+00:00", "number": "1.2.0", "summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2022-04-06T17:39:06+00:00", "number": "1.3.0", "summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2022-04-07T18:00:44+00:00", "number": "1.4.0", "summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2022-04-11T17:54:26+00:00", "number": "1.5.0", "summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2022-04-12T18:27:07+00:00", "number": "1.6.0", "summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2022-04-13T16:54:53+00:00", "number": "1.7.0", "summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2022-04-14T17:27:42+00:00", "number": "1.8.0", "summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2022-04-21T21:01:20+00:00", "number": "1.9.0", "summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2022-04-26T17:43:02+00:00", "number": "1.10.0", "summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2022-04-29T16:53:49+00:00", "number": "1.11.0", "summary": "Updated vulnerable products and products confirmed not vulnerable." }, { "date": "2022-06-01T17:22:35+00:00", "number": "1.12.0", "summary": "Updated Fixed Releases information." }, { "date": "2023-02-09T15:14:14+00:00", "number": "1.13.0", "summary": "Updated products confirmed not vulnerable." } ], "status": "final", "version": "1.13.0" } }, "product_tree": { "branches": [ { "name": "Cisco", "category": "vendor", "branches": [ { "name": "Cisco Emergency Responder", "category": "product_family", "product": { "name": "Cisco Emergency Responder ", "product_id": "CSAFPID-4844" } }, { "name": "Cisco Unity Connection", "category": "product_family", "product": { "name": "Cisco Unity Connection ", "product_id": "CSAFPID-73608" } }, { "name": "Cisco Unified Communications Manager", "category": "product_family", "product": { "name": "Cisco Unified Communications Manager ", "product_id": "CSAFPID-88444" } }, { "name": "Cisco Unified Communications Manager IM and Presence Service", "category": "product_family", "product": { "name": "Cisco Unified Communications Manager IM and Presence Service ", "product_id": "CSAFPID-189784" } }, { "name": "Cisco Prime License Manager", "category": "product_family", "product": { "name": "Cisco Prime License Manager ", "product_id": "CSAFPID-203607" } }, { "name": "Cisco Prime Collaboration Deployment", "category": "product_family", "product": { "name": "Cisco Prime Collaboration Deployment ", "product_id": "CSAFPID-203614" } }, { "name": "Cisco Secure Firewall Management Center (FMC)", "category": "product_family", "product": { "name": "Cisco Secure Firewall Management Center (FMC) ", "product_id": "CSAFPID-212162" } }, { "name": "Cisco Evolved Programmable Network Manager (EPNM)", "category": "product_family", "product": { "name": "Cisco Evolved Programmable Network Manager (EPNM) ", "product_id": "CSAFPID-213688" } }, { "name": "Cisco Secure Firewall Threat Defense (FTD) Software", "category": "product_family", "product": { "name": "Cisco Secure Firewall Threat Defense (FTD) Software ", "product_id": "CSAFPID-220203" } }, { "name": "Cisco IoT Field Network Director (IoT-FND)", "category": "product_family", "product": { "name": "Cisco IoT Field Network Director (IoT-FND) ", "product_id": "CSAFPID-227605" } }, { "name": "Cisco HyperFlex HX Data Platform", "category": "product_family", "product": { "name": "Cisco HyperFlex HX Data Platform ", "product_id": "CSAFPID-247050" } }, { "name": "Cisco Unified Communications Manager / Cisco Unity Connection", "category": "product_family", "product": { "name": "Cisco Unified Communications Manager / Cisco Unity Connection ", "product_id": "CSAFPID-277610" } } ] } ] }, "vulnerabilities": [ { "cve": "CVE-2022-22965", "ids": [ { "system_name": "Cisco Bug ID", "text": "CSCwb69766" }, { "system_name": "Cisco Bug ID", "text": "CSCwb43734" }, { "system_name": "Cisco Bug ID", "text": "CSCwb43739" }, { "system_name": "Cisco Bug ID", "text": "CSCwb43738" }, { "system_name": "Cisco Bug ID", "text": "CSCwb43736" }, { "system_name": "Cisco Bug ID", "text": "CSCwd75689" }, { "system_name": "Cisco Bug ID", "text": "CSCvv65984" }, { "system_name": "Cisco Bug ID", "text": "CSCwb44794" }, { "system_name": "Cisco Bug ID", "text": "CSCwb70105" }, { "system_name": "Cisco Bug ID", "text": "CSCwc96587" }, { "system_name": "Cisco Bug ID", "text": "CSCwa79849" }, { "system_name": "Cisco Bug ID", "text": "CSCwb84370" }, { "system_name": "Cisco Bug ID", "text": "CSCwb43345" }, { "system_name": "Cisco Bug ID", "text": "CSCwb43327" }, { "system_name": "Cisco Bug ID", "text": "CSCwb43328" }, { "system_name": "Cisco Bug ID", "text": "CSCwb43331" }, { "system_name": "Cisco Bug ID", "text": "CSCwb43332" }, { "system_name": "Cisco Bug ID", "text": "CSCwb43335" }, { "system_name": "Cisco Bug ID", "text": "CSCwb43340" }, { "system_name": "Cisco Bug ID", "text": "CSCwb43342" }, { "system_name": "Cisco Bug ID", "text": "CSCwb43346" } ], "notes": [ { "category": "other", "title": "Affected Product Comprehensiveness", "text": "Complete." } ], "product_status": { "known_affected": [ "CSAFPID-213688", "CSAFPID-88444", "CSAFPID-4844", "CSAFPID-73608", "CSAFPID-277610", "CSAFPID-247050", "CSAFPID-189784", "CSAFPID-227605", "CSAFPID-203607", "CSAFPID-220203", "CSAFPID-212162", "CSAFPID-203614" ] }, "release_date": "2022-04-01T23:45:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Cisco has released software updates that address this vulnerability.", "product_ids": [ "CSAFPID-213688", "CSAFPID-73608", "CSAFPID-189784", "CSAFPID-88444", "CSAFPID-4844", "CSAFPID-203607", "CSAFPID-212162", "CSAFPID-203614", "CSAFPID-247050", "CSAFPID-220203", "CSAFPID-227605", "CSAFPID-277610" ], "url": "https://software.cisco.com" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-213688", "CSAFPID-88444", "CSAFPID-4844", "CSAFPID-73608", "CSAFPID-277610", "CSAFPID-247050", "CSAFPID-189784", "CSAFPID-227605", "CSAFPID-203607", "CSAFPID-220203", "CSAFPID-212162", "CSAFPID-203614" ] } ], "title": "Vulnerability in Java Spring Framework Affecting System Products" } ] }