ArcGIS Trust Center

Spring Framework RCE Vulnerabilities

Last Updated: 4/15/2022

Due to the amount of media coverage, some customers have started asking if our products are vulnerable to the various recent Spring vulnerabilities announced.  More specifically, CVE-2022-22965 which is a critical severity RCE vulnerability in Spring (CVSS 9.8), a popular open-source framework for Java applications. The issue is also known as “Spring4Shell” or “SpringShell”.

Based on the above, no security patches are planned for our commercial products and services for these issues.



Announcement Update History

Inline Feedbacks
View all comments

Next Article

What’s new in ArcGIS Enterprise 11.2 on Kubernetes

Read this article