Spring Framework vulnerabilities (CVE-2022-22965, CVE-2022-22963)

Scheduled Maintenance Report for ControlUp Status Page

Completed

The scheduled maintenance has been completed.
Posted Apr 14, 2022 - 09:39 UTC

Scheduled

IMPORTANT NOTICE:

Following the discovery of Spring Framework vulnerabilities (CVE-2022-22965, CVE-2022-22963) from the 29th of March 2022, we conducted a full investigation and concluded that there is no vulnerable Spring Framework installed on any of our ControlUp systems.

We can confirm that no Spring Framework vulnerabilities exist on any of our customer installed components and products:

o Real-Time DX Agent

o Real-Time DX Console

o Real-Time DX Monitor Service

o Real-Time DX On-Premises Server (COP)

o Insights On-Premises (IOP)

o Solve On-Premises (SOP)

o Remote DX Plug-ins

o Edge DX Agent

o Scoutbees Custom Hive


If you have any questions, please contact us via support@controlup.com.
Posted Apr 14, 2022 - 09:26 UTC