Spring4Shell Vulnerabilities and Express Server

Issue

On March 29th, CVE-2022-22963 and CVE-2022-22965 was reported describing an exploit in the Spring4Shell library allowing a malicious user to download the Mirai sample to the “/tmp” folder and execute them after permission change using “chmod”.

Solution

All versions of Express Server are NOT affected by the reported vulnerabilities.

Our development teams have reviewed all other vulnerabilities in our Geo products and have determined these all to be low risk to the product. This means an attacker does not have control over what can be modified.

If you have any further questions please submit a support request and we'll be happy to assist.