The Spring Framework, a Java framework that can be used to create applications such as web applications, was reported with a security vulnerability (CVE-2022-22963). All Progress products are not directly impacted by the Spring4Shell vulnerability. Although some of our products leverage the Spring Framework, a list of conditions must be met to exploit the vulnerability.
For the Progress products that leverage the Spring Framework refer to the information below.
We encourage customers to conduct their own research with respect to any third-party components that you may utilize in your environment and to take the appropriate actions recommended by those third parties.
POTENTIALLY IMPACTED PRODUCTS
PRODUCTS NOT DIRECTLY IMPACTED
Based on our findings, these products are not susceptible to the security vulnerability and no further action is required at this time: Chef, DataDirect (ADO.NET, ODBC, JDBC, OpenAccess, SequeLink and Data Integration Suite), Flowmon, iMail, iMacros, Kemp Loadmaster, Kendo UI, Kinvey, MessageWay, MOVEit, NativeChat, Sitefinity, Telerik, Test Studio, Unite UX, WhatsUp Gold and WS_FTP.
More product specific information can be found at the following support pages. Further updates and recommendations will be provided as needed. Please check back regularly for more information.
Questions about Progress’ privacy practices and how we handle your personal email@example.com
Use of Progress Software copyrighted materials or notice of copyright firstname.lastname@example.org
Questions about or requests to use Progress Software trademarks, logos or email@example.com
Questions about Security, Privacy, Compliance and Due Diligencesecurity@progress.com