- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
31-03-22 08:47 PM
Hello,
Is there any impact to BluePrism from the CVE-2022-22965 vulnerability?
Thanks!
------------------------------
Joshua Luken
------------------------------
Answered! Go to Answer.
Helpful Answers
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
31-03-22 09:00 PM
@Joshua Luken,
It's probably best to send this direct to Blue Prism Support.
I'm going to hazard a guess though, and say it’s unlikely. Blue Prism Enterprise is .NET based, and I don't see any reference to Spring in the open source and 3rd party license acknowledgments.
However, I would still suggest you send this query direct to BP Support via the portal.
Cheers,
Eric Wilson
Director, Integrations and Enablement
Blue Prism Digital Exchange
------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
31-03-22 09:00 PM
@Joshua Luken,
It's probably best to send this direct to Blue Prism Support.
I'm going to hazard a guess though, and say it’s unlikely. Blue Prism Enterprise is .NET based, and I don't see any reference to Spring in the open source and 3rd party license acknowledgments.
However, I would still suggest you send this query direct to BP Support via the portal.
Cheers,
Eric Wilson
Director, Integrations and Enablement
Blue Prism Digital Exchange
------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
01-04-22 05:41 PM
On the morning of March 31st, Blue Prism was alerted to the following critical Remote Code Execution vulnerabilities (CVE-2022-22963 & CVE-2022-2296) in spring framework:
- CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+
- CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression
Our product security team has investigated these, and we can confirm that Blue Prism is not affected by these vulnerabilities. We do not use the Spring framework in any internally developed Blue Prism projects, and there are no reported concerns with any associated 3rd-party applications such as Logstash, ABBYY, or TrustPortal.
Please route your inquiries and concerns to Blue Prism Global Customer Support if you require any further guidance.
------------------------------
Steve Boggs
Senior Software Support Engineer
Blue Prism
Austin, TX
------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
05-04-22 11:40 AM
------------------------------
SriGuru Ganesh N G
------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
05-04-22 02:43 PM
------------------------------
Steve Boggs
Senior Software Support Engineer
Blue Prism
Austin, TX
------------------------------
