CVE-2022-22963 and CVE-2022-22965: Spring Framework components

CVE-2022-22963 & CVE-2022-22965 were opened on April 1, 2022. Initial reports indicate that CVE-2022-22963 affects Spring Cloud Function (versions 3.1.6, 3.2.2, and older versions) and CVE-2022-22965 affects Spring MVC or Spring WebFlux applications running on Java 9 and higher in WAR packages running under Tomcat.

These RICOH software products do not include the Spring Framework components listed above and are not vulnerable to this issue:

  • RICOH AFP Resource Installer
  • RICOH InfoPrint Font Collection
  • RICOH InfoPrint Manager
  • RICOH InfoPrint PPFA
  • RICOH InfoPrint Workflow
  • RICOH InfoPrint XT
  • RICOH ProcessDirector
  • RICOH Supervisor
  • RICOH TotalFlow BatchBuilder
  • RICOH TotalFlow Prep
  • RICOH TotalFlow Production Manager
  • RICOH Web Enablement Solutions Suite

Parent topic: Security Vulnerability updates