Is NuGenesis affected by the Spring Framework vulnerability (CVE-2022-22965, aka Spring4Shell)? - WKB230673
Article number: 230673
ENVIRONMENT
- NuGenesis 9
- NuGenesis 8
ANSWER
- NuGenesis LMS: not affected by this vulnerability. LMS uses neither Apache Tomcat nor Java 9.
- NuGenesis SDMS: not affected by this vulnerability. Although SDMS uses Apache Tomcat and Java in the technology stack for the legacy SDMS Audit Trail and SDMS WebVision, SDMS does not use Java 9, and neither of the SDMS web apps deploy as WAR files.
- In addition, the standing recommendation is to upgrade Apache Tomcat to the latest release of v9.
ADDITIONAL INFORMATION
- Vulnerability announcement from Spring.IO: Spring Framework RCE, Early Announcement
id230673, NGLMS, NGLMSLIC, NGLMSOPT, SDMS, SDMS8, SDMS8NU, SUPISDMS, SUPNG