Update from April 5, 2022
The Dynatrace team has finished the review of CVE-2022-22965 and also CVE-2022-22963:
- None of the public facing Dynatrace services are affected
- None of the Dynatrace software components are affected
Update from April 1, 2022
The Dynatrace team is actively reviewing the recently published Spring Framework remote code execution vulnerability (CVE-2022-22965).
The vulnerable spring framework library is NOT part of any of the 3 Dynatrace components (version >= 1.175):
- OneAgent not affected, vulnerable library not used
- ActiveGate not affected, vulnerable library not used
- Dynatrace Managed Cluster not affected, vulnerable library not used
Dynatrace Application Security continuously validates that any occurrence of the vulnerable spring framework library is rapidly detected and remediated on all production systems.
We will continue to assess the situation and provide further status updates on this page.
Notice
This document is provided on an “as is” basis, with no express or implied warranties. Some of the information provided may come from third parties. Your use of the information in the document or materials linked from the document is at your own risk. Dynatrace reserves the right to change or update this document without notice at any time. Dynatrace expects to update this document as new information becomes available.