Laserfiche is aware of the recent publicly disclosed vulnerabilities affecting the Spring Framework for Java, as described in:
- CVE-2022-22965 (SpringShell / Spring4Shell)
- CVE-2022-22963
- CVE-2022-22947
Laserfiche Cloud and Laserfiche's downloadable software products are not affected by these vulnerabilities in the Spring Framework for Java.
Customers using the Java Repository Access (JRA) library distributed with the Laserfiche Software Development Kit (SDK) are responsible for any use of the Spring Framework in their own custom projects. JRA itself is not directly affected by the above vulnerabilities.
Customers and Solution Providers looking for an official statement from Laserfiche on these vulnerabilities can find it on the Support Site here:
Spring Framework Vulnerabilities (CVE-2022-22965, CVE-2022-22963, CVE-2022-22947)