{"id":1540442,"date":"2022-03-31T13:11:40","date_gmt":"2022-03-31T20:11:40","guid":{"rendered":"https:\/\/www.esri.com\/arcgis-blog\/?post_type=blog&p=1540442"},"modified":"2022-04-15T18:10:56","modified_gmt":"2022-04-16T01:10:56","slug":"spring-framework-rce-vulnerabilities","status":"publish","type":"blog","link":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/spring-framework-rce-vulnerabilities","title":{"rendered":"Spring Framework RCE Vulnerabilities"},"author":3911,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"open","ping_status":"closed","template":"","format":"standard","meta":{"_acf_changed":false,"_searchwp_excluded":""},"categories":[37501],"tags":[24081],"industry":[],"product":[763582],"class_list":["post-1540442","blog","type-blog","status-publish","format-standard","hentry","category-administration","tag-ssamymlgp","product-trust-arcgis"],"acf":{"short_description":"Spring4Shell vulnerability relative to ArcGIS products.","flexible_content":[{"acf_fc_layout":"content","content":"

Last Updated:<\/strong> 4\/15\/2022<\/p>\n

Due to the amount of media coverage, some customers have started asking if our products are vulnerable to the various recent Spring vulnerabilities announced.\u00a0 More specifically, CVE-2022-22965<\/a> which is a critical severity RCE vulnerability in Spring (CVSS 9.8), a popular open-source framework for Java applications. The issue is also known as \u201cSpring4Shell\u201d or \u201cSpringShell”.<\/p>\n