
Kofax products and Spring4Shell vulnerability information CVE-2022-22965

Spring4Shell vulnerability (CVE-2022-22965) in the Spring Core Framework on Java Development Kit (JDK) version 9 or later
Article # 3041775

Kofax is aware of the recently disclosed Spring4Shell vulnerability (CVE-2022-22965) in the Spring Core Framework on Java Development Kit (JDK) version 9 or later. The following Kofax products use the potentially vulnerable version. Kofax is evaluating exposure to Spring4Shell in the products below and will create patches wherever needed, as a priority.

Products not listed on this page have been evaluated and are not vulnerable.

| Affected Kofax Products | Remediation Status | Kofax Community Product Discussion URL (bookmark your product's post for any future updates) |
|---|---|---|
| Kofax Communication Manager (KCM) | KCM is not vulnerable to the Spring4Shell zero-day vulnerability (CVE-2022-22965). KCM does use Spring parameter binding, but to a native (String) type. It does not bind to a POJO. | Communications Manager Release Announcements |
| Device Web Service (DWS) | The Java Development Kit (JDK) included is below JDK9 and is therefore not impacted. | ControlSuite Release Announcements |
| Invoice Portal | Invoice Portal does not use Java Development Kit version 9 (JDK9) or later and therefore is not impacted. Please refer to the "Does the spring4shell vulnerability CVE-2022-22965 affect Invoice Portal" article for details. | ReadSoft Release Announcements |
| RPA | Patches are available. See the "Is Kofax RPA impacted by the CVE-2022-22965 RCE Vulnerability" article. | Robotic Process Automation Release Announcements |
| MarkView | MarkView does not use Java Development Kit version 9 (JDK9) or later and therefore is not impacted. Please refer to the "Does the spring4shell vulnerability CVE-2022-22965 affect MarkView" article for details. | MarkView Release Announcements |
| Printix | Printix is not vulnerable as Spring Core is not deployed as WAR. | |
| SafeCom | The Java Development Kit (JDK) included is below JDK9 and is therefore not impacted. | |
| SignDoc | Potentially vulnerable. Kofax R&D is evaluating if SignDoc is impacted by this vulnerability. Please refer to the "Spring4shell vulnerability in SignDoc" article for more information. | SignDoc Release Announcements |

Monitor the indicated Community post for any future updates.
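
The screening conditions used in the table above (bundled JDK below 9, Spring deployed inside a WAR) can be checked on a deployment with a script like the following. This is an added example, not Kofax code. The fixed versions 5.3.18 and 5.2.20 come from the upstream Spring advisory rather than this page, and the function names and sample inputs are constructed for illustration.

```python
import io
import re
import zipfile

# Fixed Spring Framework releases per the upstream Spring advisory (assumption: not from this page).
FIXED = {(5, 3): (5, 3, 18), (5, 2): (5, 2, 20)}

def jdk_major(version_output):
    """Return the JDK major version from `java -version` output (1.8.x -> 8, 11.0.x -> 11)."""
    m = re.search(r'version "(\d+)(?:\.(\d+))?', version_output)
    if not m:
        raise ValueError("no version string found")
    first, second = int(m.group(1)), m.group(2)
    # Releases before JDK 9 used the legacy "1.<major>" numbering scheme.
    return int(second) if first == 1 and second else first

def spring_beans_versions(war_bytes):
    """List (major, minor, patch) of spring-beans jars under WEB-INF/lib/ in a WAR."""
    found = []
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for name in war.namelist():
            m = re.fullmatch(r"WEB-INF/lib/spring-beans-(\d+)\.(\d+)\.(\d+)[^/]*\.jar", name)
            if m:
                found.append(tuple(int(g) for g in m.groups()))
    return found

def triage(version_output, war_bytes):
    """Apply the advisory's screening conditions to one deployment."""
    major = jdk_major(version_output)
    if major < 9:
        return "not impacted: JDK %d is below JDK 9" % major
    versions = spring_beans_versions(war_bytes)
    if not versions:
        return "no spring-beans jar in WAR: check packaging"
    for v in versions:
        fixed = FIXED.get(v[:2])
        # Release lines without a known fixed version are flagged conservatively.
        if fixed is None or v < fixed:
            return "review: spring-beans %d.%d.%d on JDK %d" % (v + (major,))
    return "patched spring-beans on JDK %d" % major

def make_war(jar_names):
    """Build a constructed in-memory WAR holding empty jars with the given names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        for n in jar_names:
            war.writestr("WEB-INF/lib/" + n, b"")
    return buf.getvalue()
```

Whether an application binds request parameters to a POJO, the condition cited for KCM, cannot be read from the archive and still needs a code review.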

Kofax Technical Support

 

 
