Spring Framework Vulnerability
Spring Framework Security Vulnerability Update - CVE-2022-22965 CVE-2022-22963
April 14, 2022 16:30 CT
Mitratech is aware of the Spring4Shell Spring Framework Vulnerability (CVE-2022-22965) and the Spring Cloud Function Vulnerability (CVE-2022-22963) affecting Java applications. Investigations across our applications, our vendors and third parties have already begun. Information about affected on-premise and/or hosted applications, will be published here.
Applications Under Investigation
- Acuity
- AdvanceLaw
- Casetrack
- EraCLM (ContractRoom)
- LawManager (On-premise)
- Lawtrac
- eCounsel SAP BusinessObjects (Hosted)
Applications Not Vulnerable
- Alyne
- ClusterSeven Applications
- CMO Compliance Manager
- CMPG Procipient
- CMPG VendorInsight
- CMPG VendorIntel
- CMPG VRM Pro (VendorEval)
- Collaborati
- Continuity applications
- Corridor
- Datastore
- GCD
- GLD
- INSZoom
- Integrum applications
- Law Manager Pro (if running JDK8)
- LegalHold Hosted SaaS
- OpRiskControl
- PolicyHub
- Quovant applications
- Suite (eCounsel, Secretariat) (Hosted)
- TAP
- TeamConnect SAP BusinessObjects (Hosted)
- TeamConnect SAML (Hosted)
- TeamConnect Sisense (Hosted)
- TeamConnect ElasticSearch (Hosted)
- TeamConnect (Hosted Core Application)
- Tracker I-9
- Tracker IMS
The following applications are affected:
- Law Manager Pro (when running in JDK 8)
- TeamConnect (On-premise)
- TeamConnect LegalHold Portal (On-premise)
- TeamConnect SSO SAML (On-premise)
- Suite (eCounsel and Secretariat) (On-premise)
As a preliminary mitigation,
- TeamConnect on-premise clients using Tomcat 9 with JDK 9 or greater, should upgrade to Tomcat version 9.0.62 or newer.
- On-premise TeamConnect, LegalHold, Law Manager Pro and eCounsel installation customers should consider switching to a Java 8 environment, such as OpenJDK 8, if running their applications in Java 9 or greater environments
Please note that this information may change rapidly as the threat landscape changes.
Please return to this page often for updates.