SpringCore Remote Code Execution Vulnerability Statement (CVE-2022-22965)

The SpringCore Remote Code Execution Vulnerability in the popular Java framework SpringCore can allow unauthenticated remote code execution. SpringCore is a set of Java libraries that allows application development to proceed in a structured way. These applications can be run as standalone or in a web application environment such as Tomcat. Attackers can use this vulnerability to execute arbitrary code in the context of the Spring applications.

For more information, see: Spring Framework RCE, Early Announcement.

Is the Anywhere365 suite of products affected?

Anywhere365 is aware of this vulnerability. After thorough verification, we have determined that our products are not impacted by this vulnerability.