Skip to content
DataMiner DoJo

More results...

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Search in posts
Search in pages
Search in posts
Search in pages
Log in
Menu
  • Updates & Insights
  • Questions
  • Learning
    • E-learning Courses
    • Empower Replay: Limited Edition
    • Tutorials
    • Open Classroom Training
    • Certification
      • DataMiner Fundamentals
      • DataMiner Configurator
      • DataMiner Automation
      • Scripts & Connectors Developer: HTTP Basics
      • Scripts & Connectors Developer: SNMP Basics
      • Visual Overview – Level 1
      • Verify a certificate
    • Video Library
    • Books We Like
    • >> Go to DataMiner Docs
  • Expert Center
    • Solutions & Use Cases
      • Solutions
      • Use Case Library
    • Markets & Industries
      • Media production
      • Government & defense
      • Content distribution
      • Service providers
      • Partners
      • OSS/BSS
    • Agile
      • Agile Webspace
      • Everything Agile
        • The Agile Manifesto
        • Best Practices
        • Retro Recipes
      • Methodologies
        • The Scrum Framework
        • Kanban
        • Extreme Programming
      • Roles
        • The Product Owner
        • The Agile Coach
        • The Quality & UX Coach (QX)
    • DataMiner DevOps Professional Program
      • About the DevOps Program
      • DataMiner DevOps Support
  • Downloads
  • More
    • DataMiner Releases & Updates
    • Feature Suggestions
    • Climb the leaderboard!
    • Swag Shop
    • Contact
    • Global Feedback Survey
  • PARTNERS
    • All Partners
    • Technology Partners
    • Strategic Partner Program
    • Deal Registration
  • >> Go to dataminer.services

Spring4Shell vulnerability (CVE-2022-22965)

Solved1.63K views14th July 2023cybersecurity security vulnerability
3
Xabier Cenoz 12th April 2022 0 Comments

Hi Skyline team

I would like to confirm whether Dataminer product is affected by this vulnerability: CVE-2022-22965 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965)

Thanks in advance

Marieke Goethals [SLC] [DevOps Catalyst] Selected answer as best 14th July 2023

1 Answer

  • Active
  • Voted
  • Newest
  • Oldest
9
Gellynck Jens [SLC]2.71K Posted 12th April 2022 1 Comment

Hi Xabier,

DataMiner only depends on 2 Java-based applications: Apache Cassandra and Elasticsearch.

  • Elasticsearch is not affected by Spring4Shell
  • Apache Cassandra did not make an official statement yet. I have contacted them for official confirmation, but have not received an answer.

Therefore, I did some investigation myself:

The vulnerability requires JDK 9 or higher and is packaged as a WAR file.
Since DataMiner deploys Cassandra with Java 8 and it’s not packaged as a WAR I don’t expect Cassandra to be affected.

I also ran a Spring4Shell detection tool on my local Cassandra and it did not detect the vulnerabilities:

Please let me know if you have any further questions.

Marieke Goethals [SLC] [DevOps Catalyst] Selected answer as best 14th July 2023
Xabier Cenoz commented 12th April 2022

Thanks Jens, all clear.

Best regards

Please login to be able to comment or post an answer.

My DevOps rank

DevOps Members get more insights on their profile page.

My user earnings

0 Dojo credits

Spend your credits in our swag shop.

0 Reputation points

Boost your reputation, climb the leaderboard.

Promo banner DataMiner DevOps Professiona Program
DataMiner Integration Studio (DIS)
Empower Katas
Privacy Policy • Terms & Conditions • Contact

© 2025 Skyline Communications. All rights reserved.

DOJO Q&A widget

Can't find what you need?

? Explore the Q&A DataMiner Docs