FME Server and Spring4Shell vulnerability

  • 31 March 2022

Is FME Server affected by the recent vulnerability discovered in Spring Core?

https://www.contrastsecurity.com/security-influencers/new-spring4shell-vulnerability-confirmed-what-it-is-and-how-to-be-prepared

Best answer by keziaatsafe 31 March 2022, 16:53

Hi @kjetilpettersso,

We will continue to investigate and will update our guidance as new information becomes available. Please see this article: "Spring4Shell Vulnerability: Is FME Impacted?"

In our initial review, the vulnerability requires Java 9+. FME Server is running with Java 8 and therefore does not meet the requirements to be affected by this vulnerability.

Our team has reviewed the "Spring4Shell" vulnerability and other vulnerabilities recently discovered in the Spring Framework. We are confident that our implementation is not susceptible to the vulnerabilities described as CVE-2022-22965, CVE-2022-22963, and CVE-2022-22950.

Thank you.
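
One way to check the Java 9+ requirement cited in the answer above, as an added example that is not part of the original thread or the vendor's guidance: it parses the banner printed by `java -version`, including the legacy `1.8.0_x` numbering that Java 8 uses. The function names, the `java_path` parameter and the sample banners are assumptions made for this example.

```python
import re
import subprocess

# Matches the quoted version in a `java -version` banner, e.g.
# 'openjdk version "17.0.2" 2022-01-18' or 'java version "1.8.0_321"'.
_VERSION_RE = re.compile(r'version "([^"]+)"')


def java_major(banner: str) -> int:
    """Return the Java major version found in a `java -version` banner."""
    match = _VERSION_RE.search(banner)
    if not match:
        raise ValueError("no quoted version string in banner")
    parts = re.split(r"[._+-]", match.group(1))
    # Legacy scheme (Java 8 and earlier): "1.<major>.<minor>_<update>".
    if parts[0] == "1" and len(parts) > 1:
        return int(parts[1])
    # Modern scheme (Java 9 and later): "<major>[.<minor>...]" or "9-ea".
    return int(parts[0])


def meets_java9_requirement(banner: str) -> bool:
    """True when the runtime is Java 9 or later, the requirement cited above."""
    return java_major(banner) >= 9


def banner_from(java_path: str = "java") -> str:
    """Run `<java_path> -version`; the JVM prints its banner on stderr.

    java_path is hypothetical: pass the executable your install really uses.
    """
    result = subprocess.run([java_path, "-version"],
                            capture_output=True, text=True, check=True)
    return result.stderr or result.stdout


# Constructed sample banners (not captured from any FME Server install).
SAMPLES = {
    "legacy 8": 'java version "1.8.0_321"\nJava(TM) SE Runtime Environment',
    "modern 11": 'openjdk version "11.0.14" 2022-01-18',
    "early access 9": 'openjdk version "9-ea"',
}

if __name__ == "__main__":
    for label, banner in SAMPLES.items():
        print(f"{label}: Java {java_major(banner)}, "
              f"9+ = {meets_java9_requirement(banner)}")
```

Run `banner_from` against the Java executable the server's services actually launch, which may differ from the `java` on the PATH.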

@keziaatsafe​  Thank you!