Statement Regarding Lockpoint and CVE-2022-22965 (Spring4Shell) 2022-04-05

Date: April 5, 2022

Overview

The CVE-2022-22965 (Spring4Shell) vulnerability impacts a number of Java-based applications.

Cenote Lockpoint is not vulnerable to CVE-2022-22965.

Details

Lockpoint does not use the Spring Framework, which is the component which contains the vulnerability.

This statement applies to all released versions of Lockpoint (1.x, 2.x).

Questions

If you have any questions, please contact Cenote Support.