Spring4Shell Vulnerabilities and GeoViewer

Issue

On March 29th, CVE-2022-22963 and CVE-2022-22965 was reported describing an exploit in the Spring4Shell library allowing a malicious user to download the Mirai sample to the “/tmp” folder and execute them after permission change using “chmod”.

Solution

All versions of GeoViewer are NOT affected by the reported vulnerabilities.

Our development teams have reviewed all other vulnerabilities in our Geo products and have determined these all to be low risk to the product. This means an attacker does not have control over what can be modified.