Is PeopleSync affected by Spring4Shell?

\uD83E\uDD14 Problem

A zero-day exploit has been found in the Sprint Framework. The exploit allows remote code execution. This security issue is logged as “CVE-2022-22965”. It has the nickname “Spring4Shell”.

Is PeopleSync affected?

\uD83C\uDF31 Solution

No, PeopleSync is not affected.

Product	Vulnerable	Reason
PeopleSync Backend	No	The Backend is written in .net. We are not using Java libraries and frameworks.
PeopleSync Frontend	No	The Frontend is written in PHP. We are not using Java libraries and frameworks.
PeopleSync Android App	No	There are no dependencies to spring

Other components

If you run any 3rd-party-components on your server, please check them for the vulnerability and contact the manufacturer of the software or author of the component.

\uD83D\uDCCE Related articles

Page:

How to know if Frontend is operational
Page:

Service does not Start after Update - Error 1110 in Eventlog
Page:

Object Filters for AD / LDAP Agents
Page:

User Roles Menu Not Visible in Navigation
Page:

Database Agent: Certificate Trust Issues