Ongoing investigation into SpringShell vulnerability and mitigation actions for Objective products

Mitigation actions for Objective products

Last updated: Fri 1 April 2022, 10:00am AEDT

A Zero-Day vulnerability has been discovered in the Spring Boot library; an open-source Java framework used by certain Objective solutions that provide the ability to execute code remotely. More details on the issue are available through CVE-2022-22965.

Please return to this blog post for updates from the Objective Team. 

Are my Objective solutions affected?  

Since the issue was initially identified, the Objective Product Development Team has been actively investigating the impact of the vulnerability across the entire range of Objective solutions. Each product has been updated with a status, denoting the current state of the investigation and the next steps to be taken. 

The following table will be updated as the status of each investigation is updated: 

  • Not Affected: Vulnerability does not affect this product
  • Mitigated: Security configuration put in place whilst awaiting Patch
  • Mitigation Available: A Security configuration is available to be applied
  • Patch Pending: Investigation complete. Mitigation in progress
  • Patch Applied: Patch has been applied by the Objective Team
  • Patch Available: Patch available for customers to install. Contact Objective Support for details

 

Content Solutions

Product

Status

Objective ECM 11.1

Not Affected1

Objective ECM 11.0.x

Not Affected1

Objective ECM 10.x

Not Affected1

Objective Connect

Not Affected1

Objective Connect Link (on-premise)

Not Affected

Objective Connect Link (cloud)

Not Affected1

Objective Gov365 (on-premise)

Not Affected1

Objective Gov365 (Cloud)

Not Affected1

Objective Redact

Not Affected

Objective Ministerials

Not Affected

Objective OpenGov

Not Affected

 

RegTech

Product

Status

Objective RegWorks (cloud)

Not Affected

Objective Regworks Mobile

Not Affected

Objective Regworks (on-prem)

Not Affected

Objective Regworks Mobile (on-prem)

Not Affected

Objective Reach

Not Affected

 

Keystone

Product

Status

Objective Keystone

Not Affected1

 

Planning and Building

Product

Status

Objective Trapeze

Not Affected

AlphaOne

Not Affected

GoGet

Not Affected

Simpli

Not Affected

 

1 At time of writing, these products are configured in a manner that cannot be exposed by this vulnerability.