Hi,
last days there was a vulnerability issue CVE-2022-22963 according to spring cloud found. I wonder if there is an official statement from Microsoft if their services (e.g. Azure, Azure DevOps) are affected by this leak.
I assume that Azure DevOps does not contain any Java Spring Cloud components and is therefore not affected. Is there an official statement from Microsoft on the subject?
Thanks in advance
Hello @TinoSchinnerlingprof-3304 - You can look out for blog posts from the Microsoft Threat Intelligence team here: https://www.microsoft.com/security/blog/microsoft-security-intelligence
There's one for CVE-2022-22965: https://www.microsoft.com/security/blog/2022/04/04/springshell-rce-vulnerability-guidance-for-protecting-against-and-detecting-cve-2022-22965/
Thanks Mike,
thats what i've already seen, but there is no comment about the issue CVE-2022-22963 yet. So it would be grateful if somebody has detailed information about it or has tested azure services, because we need an answer for the security department of the company.
Thanks.
@TinoSchinnerlingprof-3304 The same blog post was updated to include CVE-2022-22963 in its guidance:
April 11, 2022 update – Azure Web Application Firewall (WAF) customers with Regional WAF with Azure Application Gateway now has enhanced protection for critical Spring vulnerabilities – CVE-2022-22963, CVE-2022-22965, and CVE-2022-22947. See Detect and protect with Azure Web Application Firewall (Azure WAF) section for details.
2 people are following this question.
