Updated: April 20, 2022 

In late March 2022, Spring announced two vulnerabilities within the Spring Framework and Spring Cloud Function. On March 29, 2022, the Spring Cloud Expression Resource Access Vulnerability tracked in CVE-2022-22963 was patched with the release of Spring Cloud Function 3.1.7 and 3.2.3. Two days later on March 31, 2022, Spring released version 5.3.18 and 5.2.20 of Spring Framework to patch another more severe vulnerability tracked in CVE-2022-22965

Keysight has assessed our product portfolio and determined that only the products below are potentially impacted1. Details and appropriate mitigation information can be found in the following table. 

Product Mitigation
Network Emulator II Visit Ixia Security Advisory
Network Emulator 100G+ Visit Ixia Security Advisory
5G UE Emulation based on Prisma Visit Ixia Security Advisory
IxLoad tG (DuSIM) Visit Ixia Security Advisory
RuSIM, UeSIM Visit Ixia Security Advisory


For additional questions, please contact Keysight. 

1 Keysight used commercially reasonable efforts to compile the list of products affected by the Spring Framework vulnerabilities. Keysight offers this information for your convenience and does not warrant it is complete

Want help or have questions?