Article - CS366834
ThingWorx Navigate Spring Vulnerabilities Response (CVE-2022-22963, CVE-2022-22950, CVE-2022-22965)
Modified: 06-Apr-2022
Applies To
- ThingWorx Navigate 9.1 to 9.3
- Thingworx Navigate 9.0.x and earlier are not impacted
Description
- Multiple vulnerabilities have been reported for Spring, including a zero-day critical RCE (Remote Code Execution)
- While the Navigate runtime application itself does not contain Spring Framework, and therefore is not vulnerable, Navigate runs on ThingWorx. Please review the recommendations for ThingWorx at ThingWorx Spring4shell CVE-2022-22965 vulnerability incident response
This is a printer-friendly version of Article 366834 and may be out of date. For the latest version click CS366834