Is FME Server affected by the recent vulnerability discovered in Spring Core?
Hi @kjetilpettersso ,
We will continue to investigate and will update our guidance as new information becomes available. Please see this article: "Spring4Shell Vulnerability: Is FME Impacted?"
In our initial review, the vulnerability requires Java 9+. FME Server is running with Java 8 and therefore does not meet the requirements to be affected by this vulnerability.
Our team has reviewed the "Spring4Shell" vulnerability and other vulnerabilities recently discovered in the Spring Framework. We are confident that our implementation is not susceptible to the vulnerabilities described as CVE-2022-22965, CVE-2022-22963, and CVE-2022-22950.
Thank you.
@keziaatsafe Thank you!