Information about Spring4Shell vulnerability CVE-2022-22965

VertiGIS uses this page to provide centralized information about the critical vulnerability CVE-2022-22965, known as Spring4Shell, disclosed on March 31, 2022, and its impact on VertiGIS product families as well as partner products. 
This article will be updated as new information becomes available. 

Product families not affected: 

• 3A:
  • Server: not affected, because no Java application
  • Editor: not affected, because no Java application
  • WMPS: not affected since Spring Framework is not used
  • Fusion Data Service: not affected, because no Java application
  • Plot: not affected, because no Java application
  • Web: not affected since Spring Framework is not used
• GEBman / ProOffice: not affected because .NET application
• GeoOffice: not affected because .NET application
• GEONIS Desktop: not affected because .NET application
• M4 Solutions / Pinpoint811: not affected because .NET application
• ConnectMaster: not affected because .NET application
• VertiGIS eGuide: not affected because .NET application
• Geocortex / VertiGIS Studio: All products that use Java do not make use of the Spring framework, and are not vulnerable to this exploit.
• UT (various modules)
  
  • UT Integrator: not affected since Spring Framework is not used
  • UT AppConnector: not affected since Spring Framework is not used
  • UT Editor: not affected because .NET application
  • UT Asset Manager: not affected because .NET application
  • UT Server: not affected because .NET application
  • UT Web App: not affected because .NET application
  • UT WMPS: not affected since Spring Framework is not used
  • UT Bauauskunft: not affected because no dependencies to the libraries spring-webmvc or spring-webflux - see article
• Partner products
  
  • Esri - see article
  • Baral - see newsletter
  • CADMAP - see Customer Area

Affected product families: 

• WebOffice: see article
• GEONIS Server: yes, but only by Esri base technology as well as WebOffice
• GEONIS Datashop: yes, but only by Esri base technology 

Furthermore, we recommend to follow this article from the developers of the Spring Framework.

Please follow this article or the article per product family to be informed about the current state of knowledge.