In this article we would like to inform you about the vulnerability in the Spring Framework (also known as Spring4Shell), which provides a comprehensive programming and configuration model for modern Java-based enterprise applications and its use in Matrix42 products.
Matrix42 products affected by the Spring framework vulnerability
The Spring Framework is used only in the following products and all other Matrix42 products are not affected.
|Component||Matrix42 Risk evaluation||Required Actions/Recommendations||Note||Fixed Version||Mitigation|
Product not impacted
Matrix42 will continue to provide updates as necessary in this document.
Update 1 (2022-04-08):
The Spring Cloud Function vulnerability CVE-2022-22963 does not affect any Matrix42 products. The Spring Framework vulnerability CVE-2022-22965 for FastViewer and Empirum Web Console (EWC) is still under investigation.
Update 2 (2022-04-11):
FastViewer does not use the Spring Framework or Spring Cloud Function and is therefore not affected by the vulnerability CVE-2022-22965 and CVE-2022-22963.
Update 3 (2022-04-12):
Empirum Web Console (EWC) does not use the Spring Framework or Spring Cloud Function and is therefore not affected by the vulnerability CVE-2022-22965 and CVE-2022-22963.
|Date||Description of change|
|2022-04-08||Update 1 - CVE-2022-22963 (Spring Cloud Function) does not affect any Matrix42 product. CVE-2022-22965 (Spring Framework) under investigation.|
|2022-04-11||Update 2 - FastViewer not affected.|
|2022-04-12||Update 3 - Empirum Web Console (EWC) not affected.|