Spring Framework RCE and M-Files

Version 1

Last updated: 04/01/2022, 16:00 AM EET           


Dear Customer,

We wish to inform you that in response to the revealed zero-day remote code execution (RCE) within the Spring Framework (CVE-2022-22965) M-Files Security team has carried out a rigorous review to identify any potential exposure and risks arising from the vulnerability.

No references to the Spring Framework have been identified within M-Files core product.

In overall M-Files has identified only limited references to Spring Framework within its estate and until now no need for further actions or updates have been identified. M-Files Security team shall continue investigations and we shall keep you informed should we have additional information to share.

Best regards,

M-Files Security