Spring4Shell Vulnerability

The Spring Framework, a Java framework that can be used to create applications such as web applications, was reported with a security vulnerability (CVE-2022-22963). All Progress products are not directly impacted by the Spring4Shell vulnerability. Although some of our products leverage the Spring Framework, a list of conditions must be met to exploit the vulnerability.

For the Progress products that leverage the Spring Framework refer to the information below.  

We encourage customers to conduct their own research with respect to any third-party components that you may utilize in your environment and to take the appropriate actions recommended by those third parties.

POTENTIALLY IMPACTED PRODUCTS

Corticon: For more details, review the following KB article

OpenEdge: For more details, review the following KB article

 PRODUCTS NOT DIRECTLY IMPACTED

Based on our findings, these products are not susceptible to the security vulnerability and no further action is required at this time: Chef, DataDirect (ADO.NET, ODBC, JDBC, OpenAccess, SequeLink and Data Integration Suite), Flowmon, Kemp Loadmaster, Kendo UI, Kinvey, MOVEit, NativeChat, Sitefinity, Telerik, Test Studio, Unite UX, WhatsUp Gold and WS_FTP.

More product specific information can be found at the following support pages. Further updates and recommendations will be provided as needed. Please check back regularly for more information.

• DataDirect
  • Hybrid Data Pipeline
  • ODBC and JDBC Drivers
• LoadMaster
• MOVEit
• Sitefinity
• WhatsUp Gold
• WS_FTP