A recent security vulnerability had been identified in SpringFramework (CVE-2022-22965) as highlighted in the previous post by our product management team https://community.flexera.com/t5/Community-Notices/Security-Advisory-Assessment-of-Flexera-s-products-exposure-to/ba-p/230099#FNMEA
We are happy to inform you that a service pack has now been released to update the Spring Framework version that is being used by FNMEA, the download for service pack 3 will be available to you through your community/product & license center account.
Please be aware if you currently have either of the previous two service packs installed in your environment you will need to uninstall these patches first using the 'flexnet patch uninstall' command, within the zip file is a pdf file with the installation instructions, please review these before proceeding with the install.
Resolved Issues;
FNMEA-15709 Fix Spring vulnerability (CVE-2022-22965)
If you have any issues accessing the downloads or applying the service pack please reach out to support for assistance.
May 30, 2022 09:54 AM
In addition to the Admin and Report server is there an update for the FNMEA agent?
The FNMEA agent still has the impacted Spring4Shell files.