
Forum Discussion

AaronJB
Ret. Employee
Jul 20, 2022

Re: ASM signatures for CVE-2022-21445

I'd agree with Lief - reading up on this CVE, it seems to be a Java deserialization gadget accessible prior to authentication. On that basis it's quite likely that there are existing ASM signatures which would trigger during exploitation, but your best route to get that confirmed is by opening a case with the Support organisation who will be able to escalate to the dedicated Threat Research team.

For what it's worth, I looked to see if any other customers had asked the question which would have resulted in an escalation, but there are zero references to that CVE that I can find.

I also couldn't find a good end-to-end PoC; the original writeup points to exploitation via chaining CVE-2022-21445 with a second CVE (from 2020), but they don't reveal the requests they make, only the end results.
