Vulnerability Name:

CVE-2022-22965 (CCN-223103)

Assigned:2022-03-31
Published:2022-03-31
Updated:2023-02-09
Summary:Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux.

Note: This vulnerability is also known as Spring4Shell or SpringShell.
CVSS v3 Severity:9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
9.1 Critical (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
9.1 Critical (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2022-22965

Source: security@vmware.com
Type: Exploit, Third Party Advisory, VDB Entry
security@vmware.com

Source: security@vmware.com
Type: Third Party Advisory, VDB Entry
security@vmware.com

Source: CCN
Type: US-CERT VU#970766
The Spring Framework is a Java framework that can be used to create applications such as web applications. Due to improper handling of PropertyDescriptor objects used with data binding, Java applications written with Spring may allow for the execution of arbitrary code.

Source: security@vmware.com
Type: Patch, Third Party Advisory
security@vmware.com

Source: XF
Type: UNKNOWN
spring-framework-cve202222965-code-exec(223103)

Source: CCN
Type: Packet Storm Security [04-13-2022]
Spring4Shell Code Execution

Source: CCN
Type: Packet Storm Security [05-10-2022]
Spring4Shell Spring Framework Class Property Remote Code Execution

Source: security@vmware.com
Type: Third Party Advisory
security@vmware.com

Source: CCN
Type: Spring Blog, March 31, 2022
Spring Framework RCE, Early Announcement

Source: CCN
Type: VMware Tanzu Web site
CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+

Source: security@vmware.com
Type: Mitigation, Vendor Advisory
security@vmware.com

Source: CCN
Type: Cisco Security Advisory cisco-sa-java-spring-rce-Zx9GUc67
Vulnerability in Spring Framework Affecting Cisco Products: March 2022

Source: security@vmware.com
Type: Third Party Advisory
security@vmware.com

Source: CCN
Type: ICSA-22-286-05
Hitachi Energy Lumada Asset Performance Management Prognostic Model Executor Service

Source: CCN
Type: IBM Security Bulletin 6570913 (Maximo for Civil Infrastructure)
IBM Maximo For Civil infrastructure is vulnerable to a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6570915 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities including a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6570949 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data is affected by a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6570975 (Sterling B2B Integrator)
IBM Sterling B2B Integrator is affected by a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6571299 (Security SOAR)
IBM Security SOAR is affected but not classified as vulnerable to remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6573715 (Watson Explorer)
Vulnerability exists for Spring Framework in Watson Explorer (CVE-2021-22060, CVE-2022-22965, CVE-2022-22950)

Source: CCN
Type: IBM Security Bulletin 6574421 (Sterling File Gateway)
IBM Sterling File Gateway is affected by a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6575447 (Cloud Pak for Integration)
Operations Dashboard in Cloud Pak for Integration is affected by Spring4Shell CVE-2022-22965

Source: CCN
Type: IBM Security Bulletin 6575577 (InfoSphere Information Server)
IBM InfoSphere Information Server is affected by a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6581969 (Watson Assistant for Cloud Pack for Data)
IBM Watson Assistant for IBM Cloud Pak for Data is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6583065 (API Connect)
API Connect V10 is vulnerable to a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6583151 (Watson Speech Services Cartridge for Cloud Pak for Data)
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6583465 (Watson Knowledge Catalog on-prem)
Java Spring vulnerability impacts IBM Watson Knowledge Catalog in Cloud Pak for Data (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6584984 (Sterling Connect:Direct for Microsoft Windows)
IBM Sterling Connect:Direct for Microsoft Windows is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6586658 (Planning Analytics Workspace)
IBM Planning Analytics Workspace is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6587154 (Tivoli Monitoring V6)
IBM Tivoli Monitoring is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6587935 (Robotic Process Automation with Automation Anywhere)
IBM Robotic Process Automation with Automation Anywhere is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6589575 (Sterling Connect:Direct for UNIX)
IBM Sterling Connect:Direct for UNIX is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6589989 (Sterling Control Center)
IBM Sterling Control Center is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6590487 (Cognos Command Center)
IBM Cognos Command Center is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6590823 (Common Licensing)
IBM Common Licensing is affected but not classified as vulnerable by a remote code execution in Spring Framework (220575,CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6590869 (SPSS Collaboration and Deployment Services)
Multiple vulnerabilities in Spring Framework affect SPSS Collaboration and Deployment Services

Source: CCN
Type: IBM Security Bulletin 6591113 (Watson Machine Learning Accelerator)
Watson Machine Learning Accelerator is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6591147 (Hardware Management Console)
HMC is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6591361 (Edge Application Manager)
IBM Edge Application Manager is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965))

Source: CCN
Type: IBM Security Bulletin 6592807 (MaaS360)
IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and VPN module have multiple vulnerabilities (CVE-2021-22060, CVE-2022-22950, CVE-2022-0547, CVE-2022-0778, CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6592963 (DS8880)
Vulnerabilities have been identified in Spring Framework, OpenSSL and Apache HTTP Server shipped with the DS8000 Hardware Management Console (HMC)

Source: CCN
Type: IBM Security Bulletin 6592977 (Sterling Connect Direct Web Services)
IBM Sterling Connect:Direct Web Services is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6593861 (Db2 Web Query for i)
Due to use of Spring Framework, IBM Db2 Web Query for i is vulnerable to unprotected fields (CVE-2022-22968), remote code execution (CVE-2022-22965), and denial of service (CVE-2022-22950).

Source: CCN
Type: IBM Security Bulletin 6595721 (Rational Test Workbench)
Rational Test Control Panel component in Rational Test Virtualization Server and Rational Test Workbench is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6596867 (Spectrum Conductor)
IBM Spectrum Conductor is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6596873 (Spectrum Symphony)
IBM Spectrum Symphony is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6598419 (QRadar SIEM)
IBM QRadar SIEM is affected by a remote code execution in Spring Framework (CVE-2022-22963, CVE-2022-22965, CVE-2022-22950)

Source: CCN
Type: IBM Security Bulletin 6601301 (Tivoli Netcool/Impact)
IBM Tivoli Netcool Impact is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6602625 (i Modernization Engine for Lifecycle Integration)
IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6606977 (Process Mining)
Vulnerability in Spring Framework affects IBM Process Mining and could allow a local attacker to execute arbitrary code on the system (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6610851 (Cloud Pak System)
Vulnerabilities in Spring Framework affect IBM Cloud Pak System (CVE-2022-22965, CVE-2020-5421)

Source: CCN
Type: IBM Security Bulletin 6825845 (Case Manager)
IBM Case Manager is affected but not classified as vulnerable to a remote code execution in Spring Framework [CVE-2022-22965]

Source: CCN
Type: IBM Security Bulletin 6826635 (Cloud Pak for Business Automation)
IBM Cloud Pak for Business Automation is affected but not classified as vulnerable by a remote code execution in Spring Framework [CVE-2022-22965]

Source: CCN
Type: IBM Security Bulletin 6830265 (ECM CMIS)
CMIS is affected since it uses Spring Framework, but not vulnerable to [CVE-2022-22965] and [CVE-2022-22963]

Source: CCN
Type: IBM Security Bulletin 6833578 (Cloud Pak for Security)
Cloud Pak for Security is affected by but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6841803 (Cognos Controller)
IBM Cognos Controller has addressed multiple vulnerabilities

Source: CCN
Type: Oracle CPUApr2022
Oracle Critical Patch Update Advisory - April 2022

Source: security@vmware.com
Type: Third Party Advisory
security@vmware.com

Source: CCN
Type: Oracle CPUJul2022
Oracle Critical Patch Update Advisory - July 2022

Source: security@vmware.com
Type: Patch, Third Party Advisory
security@vmware.com

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2022-22965

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:pivotal_software:spring_framework:5.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:pivotal_software:spring_framework:5.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:pivotal_software:spring_framework:5.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:pivotal_software:spring_framework:5.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:pivotal_software:spring_framework:5.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:pivotal_software:spring_framework:5.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:pivotal_software:spring_framework:5.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:pivotal_software:spring_framework:5.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:pivotal_software:spring_framework:5.3.7:*:*:*:*:*:*:*
  • OR cpe:/a:pivotal_software:spring_framework:5.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:pivotal_software:spring_framework:5.3.9:*:*:*:*:*:*:*
  • OR cpe:/a:pivotal_software:spring_framework:5.3.10:*:*:*:*:*:*:*
  • OR cpe:/a:pivotal_software:spring_framework:5.3.11:*:*:*:*:*:*:*
  • OR cpe:/a:pivotal_software:spring_framework:5.3.12:*:*:*:*:*:*:*
  • OR cpe:/a:pivotal_software:spring_framework:5.3.13:*:*:*:*:*:*:*
  • OR cpe:/a:pivotal_software:spring_framework:5.3.14:*:*:*:*:*:*:*
  • OR cpe:/a:pivotal_software:spring_framework:5.3.15:*:*:*:*:*:*:*
  • OR cpe:/a:pivotal_software:spring_framework:5.3.16:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*
  • OR cpe:/a:pivotal_software:spring_framework:5.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:pivotal_software:spring_framework:5.2.0:-:*:*:*:*:*:*
  • OR cpe:/a:pivotal_software:spring_framework:5.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:pivotal_software:spring_framework:5.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:pivotal_software:spring_framework:5.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:pivotal_software:spring_framework:5.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:pivotal_software:spring_framework:5.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:pivotal_software:spring_framework:5.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:pivotal_software:spring_framework:5.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:spring_framework:5.2.10:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:spring_framework:5.2.11:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:spring_framework:5.2.12:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:spring_framework:5.2.13:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:spring_framework:5.2.14:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:spring_framework:5.2.15:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:spring_framework:5.2.16:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:spring_framework:5.2.17:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:spring_framework:5.2.18:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:spring_framework:5.2.19:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:tivoli_netcool/impact:7.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_test_workbench:9.2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_controller:10.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_controller:10.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_system:2.3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_discovery:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_symphony:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.3:*:deep_analytics:*:analytical_components:*:*:*
  • OR cpe:/a:ibm:cloud_pak_system:2.3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_conductor:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_system:2.3.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:api_connect:10.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_controller:10.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_system:2.3.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_system:2.3.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:*
  • OR cpe:/a:ibm:api_connect:10.0.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_discovery:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_file_gateway:6.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:hardware_management_console:9.2.950.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:planning_analytics_workspace:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:6.0.3.5:*:*:*:standard:*:*:*
  • OR cpe:/a:ibm:sterling_file_gateway:6.0.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:case_manager:5.3:cd:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    pivotal_software spring framework 5.2.2
    pivotal_software spring framework 5.3.0
    pivotal_software spring framework 5.3.1
    pivotal_software spring framework 5.3.2
    pivotal_software spring framework 5.3.3
    pivotal_software spring framework 5.3.4
    pivotal_software spring framework 5.3.5
    pivotal_software spring framework 5.3.6
    pivotal_software spring framework 5.3.7
    pivotal_software spring framework 5.3.8
    pivotal_software spring framework 5.3.9
    pivotal_software spring framework 5.3.10
    pivotal_software spring framework 5.3.11
    pivotal_software spring framework 5.3.12
    pivotal_software spring framework 5.3.13
    pivotal_software spring framework 5.3.14
    pivotal_software spring framework 5.3.15
    pivotal_software spring framework 5.3.16
    vmware spring framework 5.3.17
    pivotal_software spring framework 5.2.1
    pivotal_software spring framework 5.2.0 -
    pivotal_software spring framework 5.2.3
    pivotal_software spring framework 5.2.4
    pivotal_software spring framework 5.2.5
    pivotal_software spring framework 5.2.6
    pivotal_software spring framework 5.2.7
    pivotal_software spring framework 5.2.8
    pivotal_software spring framework 5.2.9
    vmware spring framework 5.2.10
    vmware spring framework 5.2.11
    vmware spring framework 5.2.12
    vmware spring framework 5.2.13
    vmware spring framework 5.2.14
    vmware spring framework 5.2.15
    vmware spring framework 5.2.16
    vmware spring framework 5.2.17
    vmware spring framework 5.2.18
    vmware spring framework 5.2.19
    ibm tivoli netcool/impact 7.1.0
    ibm tivoli monitoring 6.3.0
    ibm watson explorer 11.0.0
    ibm watson explorer 11.0.1
    ibm tivoli monitoring 6.3.0.7
    ibm watson explorer 11.0.2
    oracle weblogic server 12.2.1.3.0
    ibm spss collaboration and deployment services 8.0
    ibm spss collaboration and deployment services 8.1
    ibm spss collaboration and deployment services 8.1.1
    ibm infosphere information server 11.7
    ibm qradar security information and event manager 7.3
    oracle retail customer management and segmentation foundation 17.0
    ibm watson explorer 12.0.0
    ibm sterling b2b integrator 6.0.0.0
    ibm rational test workbench 9.2.1.1
    ibm cognos command center 10.2.4.1
    ibm watson explorer 12.0.1
    ibm watson explorer 12.0.2
    ibm cognos controller 10.4.0
    oracle retail customer management and segmentation foundation 18.0
    ibm cognos controller 10.4.1
    ibm cloud pak system 2.3.0.1
    ibm watson discovery 2.0.0
    ibm spectrum symphony 7.3
    ibm watson explorer 12.0.3
    ibm cloud pak system 2.3.1.1
    ibm spss collaboration and deployment services 8.2
    ibm spss collaboration and deployment services 8.2.1
    ibm spectrum conductor 2.4.1
    ibm qradar security information and event manager 7.4 -
    ibm cloud pak system 2.3.2.0
    ibm api connect 10.0.0.0
    ibm cognos controller 10.4.2
    ibm sterling file gateway 6.0.0.0
    ibm cloud pak system 2.3.3.0
    ibm cloud pak system 2.3.3.1
    ibm cloud pak system 2.3.3.2
    ibm sterling b2b integrator 6.1.0.0
    ibm api connect 10.0.1.1
    ibm watson discovery 2.2.1
    ibm cloud pak system 2.3.3.3
    ibm sterling file gateway 6.1.0.0
    ibm hardware management console 9.2.950.0
    ibm planning analytics workspace 2.0
    ibm cloud pak for business automation 21.0.1 -
    ibm cloud pak for business automation 21.0.2 -
    ibm cloud pak for business automation 21.0.3 -
    ibm sterling b2b integrator 6.0.3.5
    ibm sterling file gateway 6.0.3.5
    ibm case manager 5.3 cd