Dear Cubeware Customers and Partners,
We are aware of the Spring4Shell vulnerability (issued by the VMWare CVE-2022-22963 and CVE-2022-22965) that was announced on April 11th, 2022. The latest details regarding the vulnerability — as well as the security patches and software updates — can be found here.
The Cubeware Solutions Platform (CSP8) does not use Spring Framework, Spring Boot, or Apache Tomcat in any way or in any part of the platform, source code, or underlying framework, so please be assured that users of CSP8 remain unaffected by this vulnerability.
