Sign In
Forgot Password

Don’t have an account? Create One.

Spring Framework Vulnerability Hotfix for NetBackup Flex Appliance

HotFix Critical


Spring Framework Vulnerability Hotfixes for NetBackup Flex Appliance versions 2.0.2 and 2.1


The hotfix fixes a zero-day vulnerability (CVE-2022-22965) in the open-source Java framework, Spring, that could allow an attacker to execute arbitrary code on a remote web server. You must first upgrade to 2.0.2 or 2.1 before applying the hotfix.


The Flex 2.1 hotfix also includes:

  • Fix for HBA QLE2692 false alert that the temperature is high (V-475-105-1005) 
  • Previously released fix for Log4j and Polkit vulnerabilities (VE-2021-44228, CVE-2021-45046 and CVE-2021-4034) 
  • Previously released fix for enabling Isolated Recovery Environment (IRE) Air Gap Solution 


The Flex 2.0.2 hotfix also includes:

Update files

File name Description Version Platform Size

Applies to the following product releases