Spring4Shell (CVE-2022-22965) Vulnerability

Product version: 10.6

Last modified: 4 April 2021

Question

Is NAKIVO Backup & Replication affected by vulnerability CVE-2022-22965 ("Spring4Shell")?

Answer

This RCE vulnerability targets all versions of SpringCore running on Java version 9 or newer. Since NAKIVO Backup & Replication uses Java 8, it is not affected by this vulnerability.