
Security Advisory: Assessment of Revenera's products' exposure to Spring Framework RCE Vulnerability CVE-2022-22965

cvirata
Revenera Community Admin

UPDATE (as of 7-Apr 10:00 CDT): 

A critical vulnerability potentially allowing remote code execution in Spring Framework, impacting all versions prior to 5.3.18 and prior to 5.2.20, has been publicly disclosed. The vulnerability has been assigned the identifier CVE-2022-22965 and is also commonly referred to as “Spring4Shell”.

NOTE: Be advised this is an ongoing assessment. Updates will be made to this advisory as further information becomes available.

We also recommend customers proactively monitor the Spring Framework RCE, Early Announcement blog post for continued updates directly from the Spring team.

 

Revenera Product Assessment

| Product | Potential Exposure to CVE-2022-22965 | Potentially Exposed Component/Version | Fixed Version | Mitigation |
|---|---|---|---|---|
| InstallShield | No | N/A | N/A | N/A |
| InstallAnywhere | No | N/A | N/A | N/A |
| Code Insight | No | N/A | N/A | N/A |
| Code Aware | No | N/A | N/A | N/A |
| FlexNet Operations (ALM): | | | | |
| Core module | No | N/A | N/A | N/A |
| Device Activation Service (LFS) | No | N/A | N/A | N/A |
| Notification Server (NS) | No | N/A | N/A | N/A |
| Software Delivery (ESD) | No | N/A | N/A | N/A |
| Reporter SSO | No | N/A | N/A | N/A |
| Usage Analytics Service (UAS) | No | N/A | N/A | N/A |
| FlexNet Operations (LLM): Core app | No | N/A | N/A | N/A |
| FlexNet Operations (On-premise) | No | N/A | N/A | N/A |
| Cloud Licensing Service (CLS) | No | N/A | N/A | N/A |
| FlexNet Embedded SDK | No | N/A | N/A | N/A |
| FlexNet Embedded LLS | No | N/A | N/A | N/A |
| FlexNet Embedded FLSM | No | N/A | N/A | N/A |
| FlexNet Publisher | No | N/A | N/A | N/A |
| FlexNet Connect | No | N/A | N/A | N/A |
| Usage Intelligence | No | N/A | N/A | N/A |
| Usage Intelligence SDK | No | N/A | N/A | N/A |
| Compliance Intelligence | No | N/A | N/A | N/A |
| Compliance Intelligence SDK | No | N/A | N/A | N/A |

Note: The assessed statuses apply to Revenera product versions that are still supported (that is, they have not yet reached their End-of-Life). Product lifecycle dates can be found at https://docs.revenera.com/eol/.

 

Related Information

 

Change Log

2022-04-07 10:00 CDT: Assessment updates provided for FlexNet Operations ALM by component and FlexNet Embedded FLSM. 

2022-04-05 08:54 CDT: Initial Revenera product assessment details published. 

2022-03-31 16:00 CDT: Initial security advisory.


INITIAL SECURITY ADVISORY (31-Mar 15:47 CDT):

Please be advised of a recent remote code execution (RCE) vulnerability discovered in Spring Framework. For details about the following vulnerabilities, please see the resources below:

Based on the information currently available, Revenera product teams are actively investigating the impact, if any, this vulnerability may have on our solutions, and we will continue to monitor for updates from security experts. We also recommend customers proactively monitor the Spring Framework RCE, Early Announcement blog post for continued updates directly from the Spring team.

We appreciate your patience during this time as we work to complete our product assessments. We will provide status updates once we have more information about the scope of the vulnerability’s impact and whether any remediation steps are required.