Blue Prism not affected by RCE vulnerabilities (CV...

Community
- Product Forum
  
  Get personalized help and advice from other SS&C Blue Prism users here.
- Digital Exchange
  
  Get community support for SS&C | Blue Prism® Digital Exchange assets and discuss the DX.
- SS&C Blue Prism Products
- Support Center
- Documentation
- First Steps
  
  Discover how to set up, deploy, maintain and support your SS&C | Blue Prism® Cloud or SS&C | Blue Prism® Enterprise solution.
- University Forum
  
  Upskill together with other SS&C Blue Prism learners. Share your learning objectives, get advice on courses and celebrate your latest certifications.
- Getting Started
  
  New to SS&C Blue Prism? Get advice on setup, deployment and organizational adoption.
- Blogs
  
  Your window to developer insights, customer stories, the latest company news, and more.
- Events
  
  Meet online or in person and discuss the world of intelligent automation.
- Product Ideas
  
  Submit and vote for your favorite ideas on how to improve SS&C Blue Prism products.
- Blueprints
  
  Intelligent automation use cases, shared by the teams who designed and deployed them.
- Product Research Program
  
  Help us meet your automation needs by participating in user research, beta trials and surveys.
- User Groups
  
  Find new friends and professional connections across the intelligent automation community.
- Welcome Space
  
  Find community news, activities, and tips here. You can also introduce yourself!
- Community FAQ
  
  Learn how to make the most of the SS&C Blue Prism Community.
- Community Suggestions
  
  Got an idea on how to improve the SS&C Blue Prism Community? Submit them, and vote on others, here.
- NHS Network
  
  A private area for NHS developers to network, collaborate and share best practices.
- Local Language
  
  Bienvenido! Salut! Witaj! Find intelligent automation professionals who speak your language here.
- Off-Topic Chat
  
  This space is for discussion about anything and everything – except intelligent automation!
- Local Government Network
  
  Discuss intelligent automation best practices and tactics for Local Government settings here.
- UK Higher Education Network
  
  Discuss intelligent automation best practices and tactics for Higher Education settings in the UK here.
- North America Healthcare Network
  
  Revolutionize the North American healthcare industry together with other intelligent automation professionals here. Please note: the content of this community is commercial in confidence, share with appropriate discretion.
- Meet the Team
- Meet the MVPs

On the morning of March 31st, Blue Prism was alerted to the following critical Remote Code Execution vulnerabilities (CVE-2022-22963 & CVE-2022-2296) in spring framework:

CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+
CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression

Our product security team has investigated these, and we can confirm that Blue Prism is not affected by these vulnerabilities. We do not use the Spring framework in any internally developed Blue Prism projects, and there are no reported concerns with any associated 3rd-party applications such as Logstash, ABBYY, or TrustPortal.

Please route your inquiries and concerns to Blue Prism Global Customer Support if you require any further guidance.

------------------------------
Steve Boggs
Senior Software Support Engineer
Blue Prism
Austin, TX
------------------------------

0 REPLIES 0

SS&C Blue Prism Community

Blue Prism not affected by RCE vulnerabilities (CVE-2022-22963 & CVE-2022-2296) in Spring framework