cancel
Showing results for 
Search instead for 
Did you mean: 

Blue Prism not affected by RCE vulnerabilities (CVE-2022-22963 & CVE-2022-2296) in Spring framework

steven.boggs
Staff
Staff

On the morning of March 31st, Blue Prism was alerted to the following critical Remote Code Execution vulnerabilities (CVE-2022-22963 & CVE-2022-2296) in spring framework:

  • CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+
  • CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression


Our product security team has investigated these, and we can confirm that Blue Prism is not affected by these vulnerabilities. We do not use the Spring framework in any internally developed Blue Prism projects, and there are no reported concerns with any associated 3rd-party applications such as Logstash, ABBYY, or TrustPortal.

Please route your inquiries and concerns to Blue Prism Global Customer Support if you require any further guidance.



------------------------------
Steve Boggs
Senior Software Support Engineer
Blue Prism
Austin, TX
------------------------------
0 REPLIES 0