Security Vulnerability updates

Check this page for updates related to critical security vulnerabilities.

In this section:

  1. CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105: Apache log4j
    CVE-2021-44228 was opened on December 10, 2021. CVE-2021-45046 and CVE-2021-45105 followed on December 14th and December 18th.
  2. CVE-2022-22963 and CVE-2022-22965: Spring Framework components
    CVE-2022-22963 & CVE-2022-22965 were opened on April 1, 2022. Initial reports indicate that CVE-2022-22963 affects Spring Cloud Function (versions 3.1.6, 3.2.2, and older versions) and CVE-2022-22965 affects Spring MVC or Spring WebFlux applications running on Java 9 and higher in WAR packages running under Tomcat.
  3. Security Update: Precautionary Measures Taken for RICOH Supervisor Customers
    Sisense, a Ricoh vendor, has notified Ricoh of a security vulnerability related to Sisense software that is integrated with RICOH Supervisor.
Parent topic: Software Support Documents