Skip to main content
M
MIKE23893867xl56
Participant
April 4, 2022
Question

CVE-2022-22965 Vulneraability

  • April 4, 2022
  • 1 reply
  • 701 views

Hi,

 

Its been reported that Adobe Connect is vulnerable to CVE-2022-22965. Has there been any update or response from Adobe about it?

    This topic has been closed for replies.

    1 reply

    Jorma_at_CoSo
    Jorma_at_CoSo
    Legend
    April 5, 2022

    I can't find any report of Connect being vunerable to this issue. Can you share where you got that information? From what I can find on this it is generally applicable to Tomcat, which Connect does use, but Adobe Connect is not called out as an application that is affected. 

    https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2022-22965 

    M
    MIKE23893867xl56Author
    Participant
    April 5, 2022

    I think you are right. It was reported by an internal scan that found spring-core-5.3.2.jar which is in the exploit report.

     

    The prerequistites included using JDK 9 and being deployed as a WAR which I don't think Connect does either.

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices