Last updated: Mon 4 April 2022, 17:41pm AEST

A Zero-Day vulnerability has been discovered in the SpringBoot Library Spring Cloud Function, where if an application is impacted, it allows Remote code execution via a malicious Spring Expression through the Spring Cloud Function. More details on the issue are available through CVE-2022-22963.

Please return to this article for updates from the Objective Team. 

Are my Objective solutions affected?  

Since the issue was initially identified, the Objective Product Development Team has been actively investigating the impact of the vulnerability across the entire range of Objective solutions. Each product has been updated with a status, denoting the current state of the investigation and the next steps to be taken. 

The following table will be updated as the status of each investigation is updated: 

• Not Affected: Vulnerability does not affect this product
• Mitigated: Security configuration put in place whilst awaiting Patch
• Mitigation Available: A Security configuration is available to be applied
• Patch Pending: Investigation complete. Mitigation in progress
• Patch Applied: Patch has been applied by the Objective Team
• Patch Available: Patch available for customers to install. Contact Objective Support for details

Content Solutions

RegTech

Keystone

Planning and Building