<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: spring4shell vulnerability in Adobe Experience Manager Questions</title>
    <link>https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/spring4shell-vulnerability/m-p/449742#M128864</link>
    <description>&lt;P&gt;&lt;LI-USER uid="5042721"&gt;&lt;/LI-USER&gt;&amp;nbsp;Would you please help if there is any patch coming out to fix this issue. This has been reported as a vulnerability from our security team also. A fix is highly requested.&amp;nbsp;&lt;/P&gt;</description>
    <pubDate>Tue, 26 Apr 2022 12:32:19 GMT</pubDate>
    <dc:creator>Veena_Vikram</dc:creator>
    <dc:date>2022-04-26T12:32:19Z</dc:date>
    <item>
      <title>spring4shell vulnerability</title>
      <link>https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/spring4shell-vulnerability/m-p/446775#M127805</link>
      <description>&lt;P&gt;Hello Experts,&lt;/P&gt;&lt;P&gt;I am new to AEM and would like to know if this new vulnerability &lt;STRONG&gt;spring4shell&lt;/STRONG&gt; can affect our system/servers.&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;There's no public-facing component of AEM. The content from AEM is "copied" over HTTP to the 2 IIS web servers in the DMZ.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;We had fixed log4shell issue few months back. But, I am not sure about spring4shell is affecting AEM servers.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;Can anyone provide inputs on this issue.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;Thanks!&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Sun, 03 Apr 2022 15:59:58 GMT</pubDate>
      <guid>https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/spring4shell-vulnerability/m-p/446775#M127805</guid>
      <dc:creator>HrdRck</dc:creator>
      <dc:date>2022-04-03T15:59:58Z</dc:date>
    </item>
    <item>
      <title>Re: spring4shell vulnerability</title>
      <link>https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/spring4shell-vulnerability/m-p/446818#M127819</link>
      <description>&lt;P&gt;&lt;LI-USER uid="17527978"&gt;&lt;/LI-USER&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;1.Any application is using Spring on Java 9 or newer, especially TomCat servers are impacted&amp;nbsp;&amp;nbsp;(Java 8 does not appear to be vulnerable)&lt;BR /&gt;2.Recommend upgrading your software to Spring Framework 5.3.18.&lt;BR /&gt;3.Check the version under bundles console if you are using that functionality.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Regards,&lt;/P&gt;&lt;P&gt;Raja&lt;/P&gt;</description>
      <pubDate>Mon, 04 Apr 2022 08:29:04 GMT</pubDate>
      <guid>https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/spring4shell-vulnerability/m-p/446818#M127819</guid>
      <dc:creator>Raja-kp</dc:creator>
      <dc:date>2022-04-04T08:29:04Z</dc:date>
    </item>
    <item>
      <title>Re: spring4shell vulnerability</title>
      <link>https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/spring4shell-vulnerability/m-p/447154#M127950</link>
      <description>&lt;P&gt;Hello,&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;AEM includes&amp;nbsp;the bundle&amp;nbsp;&lt;EM&gt;Adobe CQ DAM Scene7 Dynamic Imaging (com.adobe.cq.dam.cq-scene7-imaging)&amp;nbsp;&lt;/EM&gt;with &lt;U&gt;&lt;EM&gt;spring-webmvc-5.2.3.RELEASE&lt;/EM&gt;&lt;/U&gt;&amp;nbsp;as an embeded dependency.&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I didn't yet find any relevant answer if&amp;nbsp;an AEM instance running on java 11 is impacted or not to&amp;nbsp;&lt;SPAN&gt;CVE-2022-22965&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;Regards&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 06 Apr 2022 08:08:02 GMT</pubDate>
      <guid>https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/spring4shell-vulnerability/m-p/447154#M127950</guid>
      <dc:creator>abdellah</dc:creator>
      <dc:date>2022-04-06T08:08:02Z</dc:date>
    </item>
    <item>
      <title>Re: spring4shell vulnerability</title>
      <link>https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/spring4shell-vulnerability/m-p/448031#M128258</link>
      <description>&lt;P&gt;&lt;LI-USER uid="17444577"&gt;&lt;/LI-USER&gt;&amp;nbsp;does Adobe have any available patches or communications regarding the bundle&amp;nbsp;&lt;EM&gt;Adobe CQ DAM Scene7 Dynamic Imaging (com.adobe.cq.dam.cq-scene7-imaging)&amp;nbsp;&lt;/EM&gt;mentioned by&amp;nbsp;&lt;LI-USER uid="17481732"&gt;&lt;/LI-USER&gt;?&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Tue, 12 Apr 2022 14:20:25 GMT</pubDate>
      <guid>https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/spring4shell-vulnerability/m-p/448031#M128258</guid>
      <dc:creator>efwalko</dc:creator>
      <dc:date>2022-04-12T14:20:25Z</dc:date>
    </item>
    <item>
      <title>Re: spring4shell vulnerability</title>
      <link>https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/spring4shell-vulnerability/m-p/448033#M128259</link>
      <description>&lt;P&gt;Our AEM instance is running on Java 8. Do you know if that is impacted?&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Although I see &lt;SPAN&gt;spring-webmvc-3.2.17.RELEASE.jar within&amp;nbsp;Adobe CQ DAM Scene7 Dynamic Imaging (&lt;SPAN class=""&gt;com.adobe.cq.dam.cq-scene7-imaging) bundle. That bundle is active with 1.3.58 version.&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Tue, 12 Apr 2022 14:43:55 GMT</pubDate>
      <guid>https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/spring4shell-vulnerability/m-p/448033#M128259</guid>
      <dc:creator>HrdRck</dc:creator>
      <dc:date>2022-04-12T14:43:55Z</dc:date>
    </item>
    <item>
      <title>Re: spring4shell vulnerability</title>
      <link>https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/spring4shell-vulnerability/m-p/449742#M128864</link>
      <description>&lt;P&gt;&lt;LI-USER uid="5042721"&gt;&lt;/LI-USER&gt;&amp;nbsp;Would you please help if there is any patch coming out to fix this issue. This has been reported as a vulnerability from our security team also. A fix is highly requested.&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Tue, 26 Apr 2022 12:32:19 GMT</pubDate>
      <guid>https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/spring4shell-vulnerability/m-p/449742#M128864</guid>
      <dc:creator>Veena_Vikram</dc:creator>
      <dc:date>2022-04-26T12:32:19Z</dc:date>
    </item>
    <item>
      <title>Re: spring4shell vulnerability</title>
      <link>https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/spring4shell-vulnerability/m-p/449884#M128911</link>
      <description>&lt;P&gt;I have asked the internal experts to get back here.&lt;/P&gt;</description>
      <pubDate>Wed, 27 Apr 2022 05:04:47 GMT</pubDate>
      <guid>https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/spring4shell-vulnerability/m-p/449884#M128911</guid>
      <dc:creator>kautuk_sahni</dc:creator>
      <dc:date>2022-04-27T05:04:47Z</dc:date>
    </item>
    <item>
      <title>Re: spring4shell vulnerability</title>
      <link>https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/spring4shell-vulnerability/m-p/449913#M128922</link>
      <description>&lt;P&gt;&lt;SPAN&gt;We are aware of the two vulnerabilities and available patches (&lt;/SPAN&gt;&lt;A href="https://tanzu.vmware.com/security/cve-2022-22965" target="_self"&gt;&lt;SPAN&gt;C VE-2022-2296&lt;/SPAN&gt;&lt;SPAN&gt;5&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN&gt;, &lt;/SPAN&gt;&lt;A href="https://tanzu.vmware.com/security/cve-2022-22963" target="_self"&gt;&lt;SPAN&gt;C VE-2022-2296&lt;/SPAN&gt;&lt;SPAN&gt;3&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN&gt;). We are &lt;/SPAN&gt;&lt;SPAN&gt;patching within our standard vulnerability patching policies. Please reach out to Support for the update.&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 27 Apr 2022 08:16:14 GMT</pubDate>
      <guid>https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/spring4shell-vulnerability/m-p/449913#M128922</guid>
      <dc:creator>kautuk_sahni</dc:creator>
      <dc:date>2022-04-27T08:16:14Z</dc:date>
    </item>
  </channel>
</rss>

