Last updated: 23/Apr/2018
Article No.: 000015783
- Dr.Sum EA TextOLAP 4.0 to 4.2
- Dr. Sum TextOLAP 5.0
- Dr.Sum Connect 5.0
Pivotal Software announced that several vulnerabilities exist in Spring Framework. The following versions of Spring Framework allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
Affected Pivotal Products and Versions:
- Spring Framework 5.0 to 5.0.4
- Spring Framework 4.3 to 4.3.15
For more details, please refer to the following article: https://www.jpcert.or.jp/english/at/2018/at180014.html
Impact on WingArc Products:
We confirmed that the following Dr. Sum products use Spring Framework, but they are not affected by these vulnerabilities.
- Dr. Sum TextOLAP 4.2 & 5.0: Spring Framework 4.1.9
- Dr. Sum TextOLAP 4.0 & 4.1: Spring Framework 3.1.2
- Dr. Sum Connect: Spring Framework 3.0.7
SVF, SPA and MotionBoard products don't use Spring Framework.