Loading

Spring4Shell _ Day0 Spring Framework vulnerability

Publiseringsdato: Oct 13, 2022
Beskrivelse
Update 4/12/22: The product statuses below may be updated based on our continued response to vulnerabilities announced in CVE-2022-22963 and CVE 2022-22965.


Salesforce is following our vulnerability management process in patching Salesforce services to address the security issues referenced in these vulnerabilities. For more details specific to individual services, see below.
 

Product

Status

Sales Cloud

Sales Cloud is not affected by the issues currently identified in CVE-2022-22963 and CVE 2022-22965.  

Service Cloud

Service Cloud has been patched to address the issues currently identified in CVE-2022-22963 and CVE 2022-22965.

Dataloader

Dataloader is not affected by the issues currently identified in CVE-2022-22963 and CVE 2022-22965.  

Experience (Community) Cloud

Experience Cloud has been patched to address the issues currently identified in CVE-2022-22963 and CVE 2022-22965.

B2B Commerce Cloud

B2B Commerce Cloud is not affected by the issues currently identified in CVE-2022-22963 and CVE 2022-22965.  

B2C Commerce Cloud

B2C Commerce Cloud has been patched to address the issues currently identified in CVE-2022-22963 and CVE 2022-22965.

Marketing Cloud

Marketing Cloud is not affected by the issues currently identified in CVE-2022-22963 and CVE 2022-22965.  

Marketing Cloud Account Engagement (Pardot)

Marketing Cloud Account Engagement is not affected by the issues currently identified in CVE-2022-22963 and CVE 2022-22965. 

Evergage (Interaction Studio)

Evergage is not affected by the issues currently identified in CVE-2022-22963 and CVE 2022-22965. 

Datorama

Datorama is not affected by the issues currently identified in CVE-2022-22963 and CVE 2022-22965.  

Data.com

Data.com is not affected by the issues currently identified in CVE-2022-22963 and CVE 2022-22965. 

Heroku

Heroku is not affected by the issues currently identified in CVE-2022-22963 and CVE 2022-22965. 

MuleSoft (Cloud)

MuleSoft (Cloud) is not affected by the issues currently identified in CVE-2022-22963 and CVE 2022-22965. 

MuleSoft (On-Premise)

MuleSoft (On-Premise) is not affected by the issues currently identified in CVE-2022-22963 and CVE 2022-22965. 

ClickSoftware (As-a-Service)

ClickSoftware (As-a-Service) has been patched to address the issues currently identified in CVE-2022-22963 and CVE 2022-22965.

ClickSoftware (On-Premise)

ClickSoftware (On-Premise) has been patched to address the issues currently identified in CVE-2022-22963 and CVE 2022-22965.

Tableau (Online)

Tableau Online is not affected by the issues currently identified in CVE-2022-22963 and CVE 2022-22965. 

Tableau (On-Premise)

Tableau (On-Premise) is not affected by the issues currently identified in CVE-2022-22963 and CVE 2022-22965. 

Slack

Slack is not affected by the issues currently identified in CVE-2022-22963 and CVE 2022-22965. 

Quip

Quip is not affected by the issues currently identified in CVE-2022-22963 and CVE 2022-22965. 

Analytics Cloud

Analytics Cloud is not affected by the issues currently identified in CVE-2022-22963 and CVE 2022-22965.  

Philanthropy Cloud

Philanthropy Cloud has been patched to address the issues currently identified in CVE-2022-22963 and CVE 2022-22965.

AppExchange

AppExchange is not affected by the issues currently identified in CVE-2022-22963 and CVE 2022-22965. 

 
We are actively working with our third-party vendors and partners to ensure they have mitigations in place and are updating their software or services to remediate the issues referenced in CVE-2022-22963 and CVE 2022-22965. As these issues continue to evolve, we will implement additional remediation actions as appropriate. 

As part of our continuous detection and monitoring systems, we have implemented detection and monitoring to alert for any potential exploitation attempts. If Salesforce becomes aware of unauthorized access to Customer Data, we will notify impacted customers without undue delay.

Updates will be posted to status.salesforce.com as additional information becomes available.

Knowledge-artikkelnummer

000390926

 
Laster
Salesforce Help | Article