Is UIM impacted by Spring4Shell vulnerability CVE-2022-22963 and/or CVE-2022-22965?
Release : ALL
Component : UIM - SECURITY VULNERABILITIES
Two potential vulnerabilities, identified as CVE-2022-22963 and CVE-2022-22965, affect certain implementations of Spring Framework.
Our security teams have determined that UIM is NOT vulnerable.
UIM uses JDK 8, whereas CVE-2022-22965 requires JDK 9 or later.
UIM is not using the routing functionality described in CVE-2022-22963.
Therefore, UIM is not impacted by either vulnerability.
This applies to all components, including UIM CABI (internal and bundled).
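The JDK 8 statement above can be checked on a given host. The following is an added example, not vendor code: it lists the Java runtimes found under a directory and flags any that meet the JDK 9+ condition named for CVE-2022-22965. It assumes each runtime ships the standard `release` file; the function names and the sample tree are hypothetical.

```python
import re
import sys
import tempfile
from pathlib import Path

def java_major(version: str) -> int:
    """Feature release of a Java version string: '1.8.0_312' -> 8, '11.0.14' -> 11, '17-ea' -> 17."""
    m = re.match(r"(\d+)(?:\.(\d+))?", version.strip().strip('"'))
    if not m:
        raise ValueError(f"unrecognised Java version: {version!r}")
    first, second = int(m.group(1)), m.group(2)
    # Up to Java 8 the scheme was 1.<feature>; from Java 9 the first number is the feature release.
    return int(second) if first == 1 and second is not None else first

def release_version(release_file: Path) -> str:
    """Read JAVA_VERSION from the 'release' file at the top of a JDK/JRE directory."""
    for line in release_file.read_text(errors="replace").splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "JAVA_VERSION":
            return value.strip().strip('"')
    raise ValueError(f"no JAVA_VERSION in {release_file}")

def audit_runtimes(root: Path):
    """Return (runtime_dir, major, meets_jdk9_condition) for each runtime found under root."""
    found = []
    for rel in sorted(root.rglob("release")):
        if not rel.is_file():
            continue
        try:
            major = java_major(release_version(rel))
        except ValueError:
            continue  # a file named 'release' that is not a Java release file
        found.append((rel.parent.relative_to(root).as_posix(), major, major >= 9))
    return found

def demo():
    """Run the audit over a constructed tree (directory names and versions are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, ver in (("app/jre", "1.8.0_312"), ("tools/jdk", "11.0.14")):
            (root / name).mkdir(parents=True)
            (root / name / "release").write_text(f'JAVA_VERSION="{ver}"\nOS_NAME="Linux"\n')
        return audit_runtimes(root)

if __name__ == "__main__":
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    for path, major, flag in (audit_runtimes(root) if root else demo()):
        print(f"{path}: Java {major}: {'JDK 9+, review' if flag else 'below JDK 9'}")
```

Pass the installation directory as the only argument. A runtime without a `release` file is not listed, so confirm its version from `java -version`, whose quoted version string `java_major` also parses.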
See also:
https://nvd.nist.gov/vuln/detail/CVE-2022-22963
https://nvd.nist.gov/vuln/detail/CVE-2022-22965