Upon analysis, we have determined that Spring4Shell vulnerability (CVE-2022-22963 & CVE-2022-22965) is not applicable to ZENworks Service Desk.
Upon analysis, we have determined that this critical 0-day vulnerability "Spring4Shell" (CVE-2022-22963 & CVE-2022-22965) is not applicable any of the ZENworks products.
CVE-2022-22963 is applicable only if Spring Cloud Function is consumed.
ZENworks products do not consume it.
CVE-2022-22965 can be exploited only if the code using Spring Beans runs on Java version 9 and above, and has at least one endpoint that maps parameters to an object using either query parameters in a GET method or a POST method using application/x-www-form-urlencoded. This vulnerability is NOT exploitable for objects that are deserialized from JSON or other standard mechanisms.
Since the above pre-requisites are not met, ZENworks products are not vulnerable.
Paul Pedron