hero-banner

Spring4Shell Vulnerability

Status: Active Last Update: Original Postdate:

Overview

Progress is providing the following update regarding the Spring4shell.

Details

The Spring Framework, a Java framework that can be used to create applications such as web applications, was reported with a security vulnerability (CVE-2022-22963). All Progress products are not directly impacted by the Spring4Shell vulnerability. Although some of our products leverage the Spring Framework, a list of conditions must be met to exploit the vulnerability.

For the Progress products that leverage the Spring Framework refer to the information below.  

 

We encourage customers to conduct their own research with respect to any third-party components that you may utilize in your environment and to take the appropriate actions recommended by those third parties.

POTENTIALLY IMPACTED PRODUCTS

Corticon: For more details, review the following KB article

OpenEdge: For more details, review the following KB article

 PRODUCTS NOT DIRECTLY IMPACTED

Based on our findings, these products are not susceptible to the security vulnerability and no further action is required at this time: Chef, DataDirect (ADO.NET, ODBC, JDBC, OpenAccess, SequeLink and Data Integration Suite), Flowmon, iMail, iMacros, Kemp Loadmaster, Kendo UI, Kinvey, MessageWay, MOVEit, NativeChat, Sitefinity, Telerik, Test Studio, Unite UX, WhatsUp Gold and WS_FTP.

More product specific information can be found at the following support pages. Further updates and recommendations will be provided as needed. Please check back regularly for more information.

 

Contact information

Privacy

Questions about Progress’ privacy practices and how we handle your personal data

privacy@progress.com

Copyrights

Use of Progress Software copyrighted materials or notice of copyright infringement

copyrights@progress.com

Trademarks

Questions about or requests to use Progress Software trademarks, logos or branding

trademarks@progress.com

General legal

legal@progress.com

Governance

bod@progress.com

Security

Questions about Security, Privacy, Compliance and Due Diligence

security@progress.com