Forum Discussion

5 Replies

  • A couple folks took a look around and we don't see anything official or otherwise. Odd.

    I recommend opening a support case at and requesting an escalation to the ASM Rules Team so that an official and authoritative answer is provided.

    It would be great to have any resulting KB article linked here too.
    Hope that helps.


    • AaronJB's avatar
      Icon for SIRT rankSIRT

      I'd agree with Lief - reading up on this CVE, it seems to be a Java deserialization gadget accessible prior to authentication. On that basis it's quite likely that there are existing ASM signatures which would trigger during exploitation, but your best route to get that confirmed is by opening a case with the Support organisation who will be able to escalate to the dedicated Threat Research team.

      For what it's worth, I looked to see if any other customers had asked the question which would have resulted in an escalation, but there are zero references to that CVE that I can find.

      I also couldn't find a good end-to-end PoC; the original writeup points to exploitation via chaining CVE-2022-21445 with a second CVE (from 2020), but they don't reveal the requests they make, only the end results