Is FME Server affected by the recent vulnerability discovered in Spring Core?
Solved
FME Server and Spring4Shell vulnerability
+1- Contributor
Best answer by keziaatsafe
Hi @kjetilpettersso ,
We will continue to investigate and will update our guidance as new information becomes available. Please see this article, Spring4Shell Vulnerability: Is FME Impacted?.
In our initial review, the vulnerability requires Java 9 +. FME Server is running with Java 8 and therefore does not meet the requirements to be affected by this vulnerability.
Our team has reviewed the "Spring4Shell" vulnerability and other vulnerabilities recently discovered in the Spring Framework. We are confident that our implementation is not susceptible to the vulnerabilities described as CVE-2022-22965, CVE-2022-22963, and CVE-2022-22950.
Thank you.
+7- Safer
- Best Answer
Hi @kjetilpettersso ,
We will continue to investigate and will update our guidance as new information becomes available. Please see this article, Spring4Shell Vulnerability: Is FME Impacted?.
In our initial review, the vulnerability requires Java 9 +. FME Server is running with Java 8 and therefore does not meet the requirements to be affected by this vulnerability.
Our team has reviewed the "Spring4Shell" vulnerability and other vulnerabilities recently discovered in the Spring Framework. We are confident that our implementation is not susceptible to the vulnerabilities described as CVE-2022-22965, CVE-2022-22963, and CVE-2022-22950.
Thank you.
Reply
Rich Text Editor, editor1
Editor toolbars
Press ALT 0 for help
Helpful Members This Week
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.