Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Initial review of our applications, we are not affected by CVE-2022-22963, CVE-2022-22965. Our security and development team is assessing whether these vulnerabilities affect any of other products and services we use. We will update this page as soon as we have any results from their investigation. 

Four CVEs have been released so far and are being actively updated as new information emerges. These vulnerabilities can result, in the worst case, in full remote code execution (RCE) compromise:

CVE-2022-22947
CVE-2022-22950
CVE-2022-22963
CVE-2022-22965

Action taken by our team:

  • Audit/Monitor application logs for unexpected system errors or messages including inappropriate access.

  • Configured firewall rules to intercept and drop malicious web requests

  • The WAF team is actively monitoring these CVEs and has have already deployed a number of new managed mitigation rules.

...