Waters Employee Login

Home
Informatics
Empower/Breeze
Is Empower impacted by CVE-2022-22965 - Spring Java framework zero-day vulnerability? - WKB230892

Is Empower impacted by CVE-2022-22965 - Spring Java framework zero-day vulnerability? - WKB230892

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Article number: 230892

ENVIRONMENT

Empower
Spring Java framework (Spring4Shell)
CVE-2022-22965

ANSWER

No, Empower is not a Java-based application. Empower is not affected by CVE-2022-22965 - Spring Java framework zero-day vulnerability.

WDM is the only Java-based component of Empower.
WDM does not use Tomcat HTTP (web) server. (Tomcat web server is a prerequisite to exploit this CVE.)

ADDITIONAL INFORMATION

NVD - cve-2022-22965 (nist.gov)

id230892, EMP2LIC, EMP2OPT, EMP2SW, EMP3GC, EMP3LIC, EMP3OPT, EMP3SW, EMPGC, EMPGPC, EMPLIC, EMPOWER2, EMPOWER3, EMPSW, SUP