Article - CS366834

ThingWorx Navigate Spring Vulnerabilities Response (CVE-2022-22963, CVE-2022-22950, CVE-2022-22965)

Modified: 06-Apr-2022   


Applies To

  • ThingWorx Navigate 9.1 to 9.3
  • Thingworx Navigate 9.0.x and earlier are not impacted

Description

  • Multiple vulnerabilities have been reported for Spring, including a zero-day critical RCE (Remote Code Execution)
  • While the Navigate runtime application itself does not contain Spring Framework, and therefore is not vulnerable, Navigate runs on ThingWorx. Please review the recommendations for ThingWorx at ThingWorx Spring4shell CVE-2022-22965 vulnerability incident response
This is a printer-friendly version of Article 366834 and may be out of date. For the latest version click CS366834