Solved

FME Server and Spring4Shell vulnerability

  • March 31, 2022
  • 2 replies
  • 28 views

kjetilpettersso
Contributor

Is FME Server affected by the recent vulnerability discovered in Spring Core?

https://www.contrastsecurity.com/security-influencers/new-spring4shell-vulnerability-confirmed-what-it-is-and-how-to-be-prepared

2 replies

keziaatsafe
Safer
  • Safer
  • 153 replies
  • Best Answer
  • March 31, 2022

Hi @kjetilpettersso,

We will continue to investigate and will update our guidance as new information becomes available. Please see this article, Spring4Shell Vulnerability: Is FME Impacted?.

In our initial review, the vulnerability requires Java 9+. FME Server is running with Java 8 and therefore does not meet the requirements to be affected by this vulnerability.

Our team has reviewed the "Spring4Shell" vulnerability and other vulnerabilities recently discovered in the Spring Framework. We are confident that our implementation is not susceptible to the vulnerabilities described as CVE-2022-22965, CVE-2022-22963, and CVE-2022-22950.

Thank you.


kjetilpettersso
Contributor
  • Author
  • Contributor
  • 6 replies
  • March 31, 2022

@keziaatsafe Thank you!