topic Blue Prism not affected by RCE vulnerabilities (CVE-2022-22963 & CVE-2022-2296) in Spring framework in Product Forum https://community.blueprism.com/t5/Product-Forum/Blue-Prism-not-affected-by-RCE-vulnerabilities-CVE-2022-22963/m-p/45072#M1392 <P>On the morning of March 31st, Blue Prism was alerted to the following critical Remote Code Execution vulnerabilities (CVE-2022-22963 &amp; CVE-2022-2296) in spring framework:</P> <UL> <LI>CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+</LI> <LI>CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression</LI> </UL> <P><BR />Our product security team has investigated these, and<SPAN>&nbsp;</SPAN><STRONG>we can confirm that Blue Prism is not affected by these vulnerabilities</STRONG>. We do not use the Spring framework in any internally developed Blue Prism projects, and there are no reported concerns with any associated 3rd-party applications such as Logstash, ABBYY, or TrustPortal.</P> <P>Please route your inquiries and concerns to<SPAN>&nbsp;</SPAN><A data-cke-saved-href="portal.blueprism.com/customer-support/how-can-i-get-help-customer-support" href="https://community.blueprism.com/communities/community-home/digestviewer/portal.blueprism.com/customer-support/how-can-i-get-help-customer-support" target="_blank" rel="noopener">Blue Prism Global Customer Support<SPAN>&nbsp;</SPAN></A>if you require any further guidance.</P><BR /><BR />------------------------------<BR />Steve Boggs<BR />Senior Software Support Engineer<BR />Blue Prism<BR />Austin, TX<BR />------------------------------<BR /> Fri, 01 Apr 2022 18:01:00 GMT steven.boggs 2022-04-01T18:01:00Z Blue Prism not affected by RCE vulnerabilities (CVE-2022-22963 & CVE-2022-2296) in Spring framework https://community.blueprism.com/t5/Product-Forum/Blue-Prism-not-affected-by-RCE-vulnerabilities-CVE-2022-22963/m-p/45072#M1392 <P>On the morning of March 31st, Blue Prism was alerted to the following critical Remote Code Execution vulnerabilities (CVE-2022-22963 &amp; CVE-2022-2296) in spring framework:</P> <UL> <LI>CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+</LI> <LI>CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression</LI> </UL> <P><BR />Our product security team has investigated these, and<SPAN>&nbsp;</SPAN><STRONG>we can confirm that Blue Prism is not affected by these vulnerabilities</STRONG>. We do not use the Spring framework in any internally developed Blue Prism projects, and there are no reported concerns with any associated 3rd-party applications such as Logstash, ABBYY, or TrustPortal.</P> <P>Please route your inquiries and concerns to<SPAN>&nbsp;</SPAN><A data-cke-saved-href="portal.blueprism.com/customer-support/how-can-i-get-help-customer-support" href="https://community.blueprism.com/communities/community-home/digestviewer/portal.blueprism.com/customer-support/how-can-i-get-help-customer-support" target="_blank" rel="noopener">Blue Prism Global Customer Support<SPAN>&nbsp;</SPAN></A>if you require any further guidance.</P><BR /><BR />------------------------------<BR />Steve Boggs<BR />Senior Software Support Engineer<BR />Blue Prism<BR />Austin, TX<BR />------------------------------<BR /> Fri, 01 Apr 2022 18:01:00 GMT https://community.blueprism.com/t5/Product-Forum/Blue-Prism-not-affected-by-RCE-vulnerabilities-CVE-2022-22963/m-p/45072#M1392 steven.boggs 2022-04-01T18:01:00Z