A security vulnerability in the Spring Framework (known as "Spring4Shell" or "SpringShell") has recently become known. It allows remote code execution (RCE) under certain circumstances.
Some con terra Technologies products use this framework and are therefore potentially affected by the vulnerability. We are working intensively on the fix and will keep you informed in this article.
The following con terra Technologies products are affected:
- security.manager Enterprise Edition <=4.18.3
- smart.finder SDI <=2.2.0
Other con terra Technologies products are not affected.
A hotfix is available for the above products that closes the attack vector:
We strongly recommend applying the hotfix immediately for the products mentioned above.
security.manager Enterprise Edition 4.18.5 is now available for download via the con terra Portal. This version is not affected by the security issue. The hotfix is no longer required.
We will soon release a new version of smart.finder SDI. It will also use updated Spring Framework libraries in which the problem is fixed.
Information from Esri (ArcGIS) and Safe Software (FME)
- Esri: Spring Framework RCE Vulnerabilities
- Safe Software: Spring4Shell Vulnerability: Is FME Impacted?
Status: 2022/04/12, 14:00