Last updated: 04/01/2022, 16:00 AM EET
We wish to inform you that in response to the revealed zero-day remote code execution (RCE) within the Spring Framework (CVE-2022-22965) M-Files Security team has carried out a rigorous review to identify any potential exposure and risks arising from the vulnerability.
No references to the Spring Framework have been identified within M-Files core product.
In overall M-Files has identified only limited references to Spring Framework within its estate and until now no need for further actions or updates have been identified. M-Files Security team shall continue investigations and we shall keep you informed should we have additional information to share.