ArcGIS Trust Center

Spring Framework RCE Vulnerabilities

Last Updated: 4/15/2022

Due to the amount of media coverage, some customers have started asking if our products are vulnerable to the various recent Spring vulnerabilities announced.  More specifically, CVE-2022-22965 which is a critical severity RCE vulnerability in Spring (CVSS 9.8), a popular open-source framework for Java applications. The issue is also known as “Spring4Shell” or “SpringShell”.

Based on the above, no security patches are planned for our commercial products and services for these issues.



Announcement Update History

Notify of
Inline Feedbacks
View all comments

Next Article

ArcGIS Enterprise on Kubernetes at the 2024 Esri User Conference

Read this article