Last Updated

04 Apr 2022

Peer Software has been monitoring the news around the recently discovered remote code execution vulnerability that involves the Spring Framework (CVE-2022-22965).  As this vulnerability is new, we will continue to review and post updates to this advisory as necessary.

Based on the information currently available, this vulnerability does not affect any of our products.  More details can be found below.

Product/ToolVersion(s)StatusDescription
Peer Global File ServiceAllNot impactedPeerGFS uses Spring Boot (which uses Spring Framework) in a few places, but does not use any packaged WAR files.
PeerLinkAllNot impactedPeerLink does not use Spring Framework.
PeerSyncAllNot impactedPeerSync does not use Spring Framework.
PeerLockAllNot impactedPeerLock does not use Spring Framework.
File System AnalyzerAllNot impactedFile System Analyzer does not use Spring Framework.
File Activity AnalyzerAllNot impactedFile Activity Analyzer does not use Spring Framework.
Health CheckerAllNot impactedHealth Checker does not use Spring Framework.

Some additional notes on this and related vulnerabilities:

If you have additional questions, please contact our support team via the Peer Service Desk.