ControlSuite and the Spring4Shell vulnerability CVE-2022-22965
Article # 3041868 - Page views: 293
Question:
Are ControlSuite, Autostore, Equitrac and/or Output Manager components affected by the Spring4Shell vulnerability (CVE-2022-22965)
Answer:
No, the spring4shell vulnerability CVE-2022-22965 is not applicable to Controlsuite.
The vulnerability is defined as requiring specific versions of Spring (5.3.0 to 5.3.17, 5.2.0 to 5.2.19 and older versions) running on specific versions of Java (JDK9 and above).
Device Web Service (DWS)
DWS is using Spring apps, however it using JDK8, therefore is not vulnerable
Other Applications
- All Other Equitrac, Autostore and Output Manager Components do not contain or use Spring Apps.
Applies to:
| Product | Version |
|---|---|
| AutoStore | 7 & 6 |
| ControlSuite | 1.x |
| Equitrac | 5.x |
| Output Manager | 4.x |
Article # 3041868