Skip to main content
Matrix42 Self-Service Help Center

CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9 - Spring4Shell

Overview

CVE              CVE-2022-22965CVE-2022-22963
CWE            CWE-94
CVSS v3    N/A

In this article we would like to inform you about the vulnerability in the Spring Framework (also known as Spring4Shell), which provides a comprehensive programming and configuration model for modern Java-based enterprise applications and its use in Matrix42 products.

Matrix42 products affected by the Spring framework vulnerability

The Spring Framework is used only in the following products and all other Matrix42 products are not affected.

Component Matrix42 Risk evaluation Required Actions/Recommendations Note Fixed Version Mitigation

FireScope

 

Risk-free None

Product not impacted

N/A

N/A

Next Steps

Matrix42 will continue to provide updates as necessary in this document.

Updates

Update 1 (2022-04-08):
The Spring Cloud Function vulnerability CVE-2022-22963 does not affect any Matrix42 products. The Spring Framework vulnerability CVE-2022-22965 for FastViewer and Empirum Web Console (EWC) is still under investigation.

Update 2 (2022-04-11):
FastViewer does not use the Spring Framework or Spring Cloud Function and is therefore not affected by the vulnerability CVE-2022-22965 and CVE-2022-22963.

Update 3 (2022-04-12):
Empirum Web Console (EWC) does not use the Spring Framework or Spring Cloud Function and is therefore not affected by the vulnerability CVE-2022-22965 and CVE-2022-22963.

Change log

Date Description of change
2022-04-01 Initial publication
2022-04-08 Update 1 - CVE-2022-22963 (Spring Cloud Function) does not affect any Matrix42 product. CVE-2022-22965 (Spring Framework) under investigation.
2022-04-11 Update 2 - FastViewer not affected.
2022-04-12 Update 3 - Empirum Web Console (EWC) not affected.