Spring Framework RCE Vulnerabilities

By Michael Young

Last Updated: 4/15/2022

Due to the amount of media coverage, some customers have started asking whether our products are vulnerable to the various recently announced Spring vulnerabilities, and more specifically to CVE-2022-22965, a critical-severity RCE vulnerability (CVSS 9.8) in Spring, a popular open-source framework for Java applications. The issue is also known as “Spring4Shell” or “SpringShell”.

Based on the above, no security patches are planned for our commercial products and services for these issues.

 

  • Esri Software Security & Privacy

 

Announcement Update History

  • 4/15/22 – Addition of CVE-2022-22968 and confirmation that no patches are necessary.
  • 4/4/22 – Enterprise and Online clarifications added.
  • 3/31/22 – Initial announcement release.
