Latest information about vulnerability CVE-2022-42889 named Text4Shell in VertiGIS Studio and Geocortex products
A recently documented vulnerability (CVE-2022-42889) in the Apache Commons Text Java library has raised concerns.
Preliminary testing shows that no VertiGIS Studio or Geocortex products are affected.
The following products do not use Java and therefore can not be affected:
-
VertiGIS Inline
-
VertiGIS Studio Access Control
-
VertiGIS Studio Item Manager
-
VertiGIS Studio Printing
-
VertiGIS Studio Reporting
-
VertiGIS Studio Web
-
VertiGIS Studio Workflow
The following products do use Java, but scans confirm they do not contain any version of the Apache Commons Text library.
-
Geocortex Analytics
-
Geocortex Essentials
-
VertiGIS Studio Mobile
Also note that customizations to VertiGIS Studio and Geocortex software are not made using Java, so customizations would not reference Apache Commons Text or include the vulnerable library.
This article will be updated as new information becomes available.
Please sign in to leave a comment.
Comments
0 comments