cancel
Showing results for 
Search instead for 
Did you mean: 
SamPirok
Community Manager Community Manager
Community Manager

Please be advised that SA-2022-003 has been published.  This is a first in a series of "Spring4Shell" advisories.

 

Security Advisory Link:  Security Advisory: SA-2022-003 – "Spring4Shell" (CVE-2022-22965) | Extreme Portal (force.com)

 

Summary:

A Spring MVC or Spring WebFlux application may be vulnerable to remote code execution (RCE) via data binding. You can find a list of all products and whether or not they are effected by this advisory in the article linked above. 

6 Comments
Danny_Schaper
New Contributor
@Sam Pirok When will these articles be updated? There are still some products under investigation...​
SamPirok
Community Manager Community Manager
Community Manager
Hi Danny, those articles should be updated as soon as we know more. If you can let me know which product you're interested in, I can double check internally to see if I can find anything out for you?
Danny_Schaper
New Contributor
Hi Sam. Thanks for your quick response. I'm interested in BOSS and WiNG products in this case.
Danny_Schaper
New Contributor
Hi Sam, any news on this?
SamPirok
Community Manager Community Manager
Community Manager
Hi Danny, sorry for the long wait here. I've just been told that we've updated our documentation to show that these products are not affected by the above CVE. Please let me know if I can help with anything else, and thanks very much for your patience.
Danny_Schaper
New Contributor
Hi Sam, I've noticed that last Wednesday. Thanks!
GTM-P2G8KFN