CVE-2022-42889 Impact of Apache Text Commons Vulnerability CVE-2022-42889
Informational
Palo Alto Networks has evaluated the Apache Commons Text library vulnerability CVE-2022-42889, known as Text4Shell, for all products and services.
The Palo Alto Networks Product Security Assurance team has confirmed that all products and services are not impacted by this vulnerability.
Versions | Affected | Unaffected |
---|---|---|
AutoFocus | None | all |
Bridgecrew | None | all |
Cloud NGFW | None | all |
Cortex Data Lake | None | all |
Cortex XDR | None | all |
Cortex XDR Agent | None | all |
Cortex Xpanse | None | all |
Cortex XSOAR | None | all |
Enterprise Data Loss Prevention | None | all |
Exact Data Matching CLI | None | all |
Expanse | None | all |
Expedition Migration Tool | None | all |
GlobalProtect App | None | all |
IoT Security | None | all |
Okyo Garde | None | all |
Palo Alto Networks App for Splunk | None | all |
PAN-OS | None | all |
Prisma Access | None | all |
Prisma Cloud | None | all |
Prisma Cloud Compute | None | all |
Prisma SD-WAN (CloudGenix) | None | all |
Prisma SD-WAN ION | None | all |
SaaS Security | None | all |
User-ID Agent | None | all |
WildFire Appliance (WF-500) | None | all |
WildFire Cloud | None | all |
Palo Alto Networks is not aware of any malicious exploitation of this issue on any of our products.
CWE-94 Improper Control of Generation of Code ('Code Injection')
No software updates are required at this time.
Customers with a Threat Prevention subscription can block known attacks for CVE-2022-42889 by enabling Threat ID 93157 (Applications and Threats content update 8632). This mitigation reduces the risk of exploitation from known exploits.