Critical Severity – VMSA-2022-0010 – VMware Tanzu

VMware has published security advisory VMSA-2022-0010. A critical vulnerability in the Spring Framework project, identified as CVE-2022-22965, has been publicly disclosed. It impacts the following VMware products:

  • VMware Tanzu Application Service for VMs
  • VMware Tanzu Operations Manager
  • VMware Tanzu Kubernetes Grid Integrated Edition (TKGI)

Multiple products are impacted by a remote code execution vulnerability (CVE-2022-22965). A malicious actor with network access to an impacted VMware product may exploit this issue to gain full control of the target system.

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Tanzu Application Service for VMs | 2.13 | Any | CVE-2022-22965 | 9.8 | Critical | 2.13.1 | Here | None |
| Tanzu Application Service for VMs | 2.12 | Any | CVE-2022-22965 | 9.8 | Critical | 2.12.10 | Here | None |
| Tanzu Application Service for VMs | 2.11 | Any | CVE-2022-22965 | 9.8 | Critical | 2.11.17 | Here | None |
| Tanzu Application Service | 2.10 | Any | CVE-2022-22965 | 9.8 | Critical | 2.10.29 | Here | None |
| Tanzu Operations Manager | 2.10 | Any | CVE-2022-22965 | 9.8 | Critical | 2.10.35 | None | None |
| Tanzu Operations Manager | 2.9 | Any | CVE-2022-22965 | 9.8 | Critical | 2.9.35 | None | None |
| Tanzu Operations Manager | 2.8 | Any | CVE-2022-22965 | 9.8 | Critical | 2.8.20 | None | None |
| TKGI | 1.13 | Any | CVE-2022-22965 | 9.8 | Critical | Patch pending | KB88102 | None |
| TKGI | 1.12 | Any | CVE-2022-22965 | 9.8 | Critical | Patch pending | KB88102 | None |
| TKGI | 1.11 | Any | CVE-2022-22965 | 9.8 | Critical | Patch pending | KB88102 | None |


Tanzu Application Service
Downloads and Documentation:

Tanzu Operations Manager
Downloads and Documentation:

Downloads and Documentation:

Mitre CVE Dictionary Links:

FIRST CVSSv3 Calculator:

If you want to chat with me please use Twitter: @AngrySysOps
