VertiGIS uses this page to provide centralized information about the critical vulnerability CVE-2022-42889, known as Text4Shell, disclosed on October 13, 2022, and its impact on VertiGIS product families as well as partner products.
This article will be updated as new information becomes available.
Product families affected:
- UT for ArcGIS: UT Integrator is affected. See article
Product families not affected:
- 3A: Does not use Apache Commons Text library
- GEBman / ProOffice: Does not use Apache Commons Text library.
- Geocortex/VertiGIS Studio: All products that use Java do not make use of the Apache Commons Text library, and are not vulnerable to this exploit. See Article
- GeoOffice: Does not use Apache Commons Text library.
- GEONIS Desktop: Does not use Apache Commons Text library.
- GEONIS Server: Does not use Apache Commons Text library.
- GEONIS Datashop: Does not use Apache Commons Text library.
- M4 Solutions / Pinpoint811: Does not use Apache Commons Text library.
- WebOffice: In WebOffice server the Apache Commons Text library is partially used, but not the functions affected by the vulnerability.
In FTS-Index (full text search) the library is available, but according to the used product "Solr" none of the affected functions are controlled here either.
Product families need review:
- ConnectMaster:
- VertiGIS eGuide:
Partner products:
- Will update as partners produce their own articles regarding CVE-2022-42889.
- Esri: Apache Commons Text Library is not used a way that would make it vulnerable to this CVE. Blog article
- CADMAP: In the customer area a hotfix for affected product is provided
Please follow this article or the article per product family to be informed about the current state of knowledge.
Comments
0 comments
Article is closed for comments.