A critical vulnerability potentially allowing remote code execution in Apache Commons Text impacting versions 1.5 through 1.9 has been publicly disclosed. The vulnerability has been assigned the identifier CVE-2022-42889, and is also commonly referred to as “Text4Shell”.
This article provides currently available information about the potential impact of the vulnerability on Flexera products.
NOTE: This is an ongoing assessment. Updates will be made to this advisory as further information becomes available.
As had been mentioned within the announcement of the maintainer of Apache Commons Text, while the vulnerability allows remote code execution, the vulnerability requires the use of an insecure configuration of Apache Commons Text. Such configurations are not expected to be common, but Flexera is nevertheless committed to assess its products based on any potential exposure.
Product |
Potential Exposure to CVE-2022-42889 |
Potentially Exposed Components or Versions |
Fixed Version |
Mitigation |
AdminStudio |
No |
N/A |
N/A |
N/A |
App Portal / App Broker |
No |
N/A |
N/A |
N/A |
Cloud Management Platform |
Under assessment |
|
|
|
CloudScape / Foundation |
No |
N/A |
N/A |
N/A |
Columbus |
Under assessment |
|
|
|
Data Platform |
No |
N/A |
N/A |
N/A |
FlexNet Manager Suite On Premises |
No |
N/A |
N/A |
N/A |
FlexNet Manager for Engineering Applications |
No |
N/A |
N/A |
N/A |
Flexera One: |
|
|
|
|
Cloud Cost Optimization (Optima) |
No |
N/A |
N/A |
N/A |
IT Asset Management |
No |
N/A |
N/A |
N/A |
IT Visibility |
Under assessment |
|
|
|
SaaS Management |
No |
N/A |
N/A |
N/A |
Software Vulnerability Manager Cloud |
No |
N/A |
N/A |
N/A |
Software Vulnerability Manager On Premises |
No |
N/A |
N/A |
N/A |
Software Vulnerability Research |
No |
N/A |
N/A |
N/A |
Spider |
Under assessment |
|
|
|
Technopedia |
Under assessment |
|
|
|
Workflow Manager |
Under assessment |
|
|
|
The information on this page reflects:
2022-10-24 1:24pm CST: Initial notice posted
2022-10-24 10:45pm CST: Updated assessment status for: CloudScape / Foundation, Cloud Cost Optimization, IT Asset Management and SaaS Management
2022-10-26 7:25pm CST: Updated assessment status for App Portal / App Broker
2022-10-27 7:45am CST: Updated assessment status for AdminStudio
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.