Ein Statement von UI zu neuem Sicherheitslücken
Statement Regarding Spring CVE-2022-22965, 2022-22950, and 2022-22963 001
Overview
Ubiquiti’s Cybersecurity and UniFi Network teams have reviewed: CVE-2022-22965, 2022-22950, and 2022-22963.
Please be advised that:
https://tanzu.vmware.com/security/CVE-2022-22965
The UniFi Network application only supports Java 8, which is not affected by this CVE. Still, the upcoming Network Version 7.2 update will upgrade to Spring Framework 5.3.18.
https://tanzu.vmware.com/security/cve-2022-22950
Currently, we are not aware of any practical way to exploit this DoS vulnerability.
https://tanzu.vmware.com/security/cve-2022-22963
UniFi Network is not reliant on Spring Cloud Function, making it invulnerable to this CVE.