31-03-22 08:47 PM
Hello,
Is there any impact to BluePrism from the CVE-2022-22965 vulnerability?
Thanks!
Answered! Go to Answer.
31-03-22 09:00 PM
@Joshua Luken,
It's probably best to send this direct to Blue Prism Support.
I'm going to hazard a guess though, and say it’s unlikely. Blue Prism Enterprise is .NET based, and I don't see any reference to Spring in the open source and 3rd party license acknowledgments.
However, I would still suggest you send this query direct to BP Support via the portal.
Cheers,
31-03-22 09:00 PM
@Joshua Luken,
It's probably best to send this direct to Blue Prism Support.
I'm going to hazard a guess though, and say it’s unlikely. Blue Prism Enterprise is .NET based, and I don't see any reference to Spring in the open source and 3rd party license acknowledgments.
However, I would still suggest you send this query direct to BP Support via the portal.
Cheers,
01-04-22 05:41 PM
On the morning of March 31st, Blue Prism was alerted to the following critical Remote Code Execution vulnerabilities (CVE-2022-22963 & CVE-2022-2296) in spring framework:
Our product security team has investigated these, and we can confirm that Blue Prism is not affected by these vulnerabilities. We do not use the Spring framework in any internally developed Blue Prism projects, and there are no reported concerns with any associated 3rd-party applications such as Logstash, ABBYY, or TrustPortal.
Please route your inquiries and concerns to Blue Prism Global Customer Support if you require any further guidance.
05-04-22 11:40 AM
05-04-22 02:43 PM