Security Advisory

Cybersecurity

As IoT adoption continues to proliferate, cybersecurity has become one of the top priorities. Aten created a vulnerability management policy to provide guidance and information to our customers in the event of a reported vulnerability. The management policy ensures that Aten's customers have steady, unambiguous resources to help them understand how Aten resolves or mitigates reported vulnerabilities.

Vulnerability Overview

CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

Release Date: 2022/04/01

Vulnerability Metrics

Vulnerability Scoring Details :

The vulnerability scores and vectors are listed below.

Severity	CVSS Score	Vector
CRITICAL	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tech Assistance

	FAQ
	Discontinued Products

Latest Server Room Solutions Guide is Now Available

Remote Monitoring for Mobile Testing Carts

In-Depth Product Insights

ATEN Pro Audio Series

Optimize Data Center Sustainability with ATEN PG Series eco PDUs

Podcast AI Audio Mixer - MicLIVE (UC8000) by ATEN!

ATEN ACS Online Training

Security Advisory

Cybersecurity

Vulnerability Overview

CVE-2022-22965

Vulnerability Metrics

Vulnerability Scoring Details :

Tech Assistance

Where to buy

Security Advisory

Cybersecurity

Vulnerability Overview

CVE-2022-22965

Vulnerability Metrics

Vulnerability Scoring Details :

Tech Assistance

Where to buy

Your Privacy Choices