A critical vulnerability potentially allowing remote code execution in Spring Framework, impacting all versions prior to 5.3.18 and prior to 5.2.20, has been publicly disclosed. The vulnerability has been assigned the identifier CVE-2022-22965 and is also commonly referred to as “Spring4Shell”.
NOTE: Be advised this is an ongoing assessment. Updates will be made to this advisory as further information becomes available.
Note: The assessed statuses are for Revenera product versions that are still supported (that is, they have not yet reached their End-of-Life). Product lifecycle dates can be found at https://docs.revenera.com/eol/.
Based on the information currently available, Revenera product teams are actively investigating the impact, if any, this vulnerability may have on our solutions, and we will continue to monitor for updates from security experts. We also recommend customers proactively monitor the “Spring Framework RCE, Early Announcement” blog post for continued updates directly from the Spring team.
We appreciate your patience during this time as we work to complete our product assessments. We will provide status updates once we have more information about the scope of the vulnerability’s impact and whether any remediation steps are required.