Is PeopleSync affected by Spring4Shell?
- EBERHARD, Sebastian (messageconcept)
Problem
A zero-day exploit has been found in the Sprint Framework. The exploit allows remote code execution. This security issue is logged as “CVE-2022-22965” and “CVE-2022-22963”. It is nicknamed “Spring4Shell”.
Is PeopleSync affected?
Solution
No, PeopleSync is not affected.
Product | Vulnerable | Reason |
|---|---|---|
PeopleSync Backend | No | The Backend is written in .net. We are not using Java libraries and frameworks. |
PeopleSync Frontend | No | The Frontend is written in PHP. We are not using Java libraries and frameworks. |
PeopleSync Android App | No | There are no dependencies to spring |
Other components
If you run any 3rd-party-components on your server, please check them for the vulnerability and contact the manufacturer of the software or author of the component.
Related articles
© 2010-2024 messageconcept GmbH / messageconcept software GmbH
Legal Notice / Imprint