Summary
CVE Number | Product | Impact |
---|---|---|
(Spring4Shell) | FME Desktop | Not affected |
FME Server | Not affected* | |
FME Cloud | Not affected | |
FME Mobile Apps | Not affected | |
FME License Server (FlexLM) | Not affected | |
CVE-2022-22963 | FME Desktop | Not affected |
FME Server | Not affected | |
FME Cloud | Not affected | |
FME Mobile Apps | Not affected | |
FME License Server (FlexLM) | Not affected | |
CVE-2022-22950 | FME Desktop | Not affected |
FME Server | Not affected | |
FME Cloud | Not affected | |
FME Mobile Apps | Not affected | |
FME License Server (FlexLM) | Not affected |
FME Desktop
FME Desktop/Engine installations do not include the Spring Framework, therefore no version of FME Desktop or Engine is affected by any reported vulnerabilities in the framework.FME Server
Spring4Shell (CVE-2022-22965): FME Server installations include the Spring Framework, but uses JDK version 8, and therefore does not meet the requirements to be affected by this vulnerability.
*Customers who have installed their own version of Tomcat and manually upgraded to JDK versions 9+ may be vulnerable to Spring4Shell. If you have done this, to mitigate this vulnerability it is recommended you:
- Downgrade to JDK8
- Upgrade Tomcat to 9.0.62+
CVE-2022-22950: We currently do not process SpEL expressions in our REST API, therefore no version of FME Server is affected by this vulnerability.
Comments
0 comments
Please sign in to leave a comment.