SailPoint has reviewed the currently available information on the Spring Framework RCE vulnerability (CVE-2022-22965), also referred to as Spring4Shell, and determined that SailPoint products are not impacted by this vulnerability. Some of SailPoint products use Spring Framework, however the other necessary conditions to exploit this vulnerability aren't present. Those products will upgrade to a Spring Framework version that isn't impacted by this vulnerability in the near future.
If you have questions, please contact your Customer Success Manager, Engagement Manager, or Partner Manager. Please subscribe to the product-specific blogs on Compass for future security and other important announcements related to the individual products.
