cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Spring Framework RCE vulnerability (Spring4Shell - CVE-2022-22965) update - March 31, 2022

lorrin_minton
Community Manager
Community Manager
16 0 4,475

Impacted Products: None

SailPoint has reviewed the currently available information on the Spring Framework RCE vulnerability (CVE-2022-22965), also referred to as Spring4Shell, and determined that SailPoint products are not impacted by this vulnerability. Some of SailPoint products use Spring Framework, however the other necessary conditions to exploit this vulnerability aren't present. Those products will upgrade to a Spring Framework version that isn't impacted by this vulnerability in the near future.

If you have questions, please contact your Customer Success Manager, Engagement Manager, or Partner Manager. Please subscribe to the product-specific blogs on Compass for future security and other important announcements related to the individual products.