ThingWorx Navigate Spring Vulnerabilities Response (CVE-2022-22963, CVE-2022-22950, CVE-2022-22965)
Applies To
- ThingWorx Navigate 9.1 to 9.3
- Thingworx Navigate 9.0.x and earlier are not impacted
Description
- Multiple vulnerabilities have been reported for Spring, including a zero-day critical RCE (Remote Code Execution)
- While the Navigate runtime application itself does not contain Spring Framework, and therefore is not vulnerable, Navigate runs on ThingWorx. Please review the recommendations for ThingWorx at ThingWorx Spring4shell CVE-2022-22965 vulnerability incident response