Knowledge base for CVE-2022-22965

General Information

This page contains information and frequently asked questions and answers related to recent vulnerabilities found in the popular Spring framework which could lead to remote code execution (RCE): https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities

CVE ID	CVE-2022-22965

Are my ServiceRocket Cloud apps affected?

Product	Impact
Composition Tabs for Confluence	NOT AFFECTED
Connector for Salesforce & Confluence Cloud	NOT AFFECTED
Connector for Salesforce and Jira	NOT AFFECTED
Connector for Workplace and Jira (Beta)	NOT AFFECTED
Contact Views for Salesforce & JSM	NOT AFFECTED
Linking for Confluence	NOT AFFECTED
Publisher for Confluence Cloud to Salesforce	NOT AFFECTED
Reporting for Confluence	NOT AFFECTED
Scaffolding Forms & Templates	NOT AFFECTED
Security and Encryption for Confluence	NOT AFFECTED
Support Dashboards and Reports for JSM	NOT AFFECTED
Surveys for JSM	NOT AFFECTED
Visibility for Confluence	NOT AFFECTED
Birdview for Confluence	NOT AFFECTED
Google Data Studio for Jira	NOT AFFECTED
Attendance Taker for Classroom	NOT AFFECTED
Moderate for Workplace	NOT AFFECTED
Ourly/Emailless for Workplace	NOT AFFECTED
Salesforce Lead Bot for Workplace	NOT AFFECTED

Are my ServiceRocket Server apps affected?

Product	Impact
Classic Connector for Salesforce & Jira	NOT AFFECTED
Composition Tabs for Confluence	NOT AFFECTED
Connector for Google Drive & Confluence	NOT AFFECTED
Connector for Salesforce & Confluence Server & Data Center	NOT AFFECTED
Connector for Salesforce and Jira	NOT AFFECTED
Connector for Venafi & JSM (Beta)	NOT AFFECTED
Google Calendar for Confluence	NOT AFFECTED
Linking for Confluence	NOT AFFECTED
Page Approval for Confluence	NOT AFFECTED
Pathways Lite for Confluence	NOT AFFECTED
Pathways Pro for Confluence	NOT AFFECTED
Redirection for Confluence	NOT AFFECTED
Reporting for Confluence	NOT AFFECTED
Scaffolding Forms & Templates	NOT AFFECTED
SCORM Learning for Confluence	NOT AFFECTED
Security and Encryption for Confluence	NOT AFFECTED
Tracking Access for Confluence	NOT AFFECTED
Visibility for Confluence	NOT AFFECTED

Are my ServiceRocket Data Center apps affected?

Product	Impact
Classic Connector for Salesforce & Jira	NOT AFFECTED
Composition Tabs for Confluence	NOT AFFECTED
Connector for Google Drive & Confluence	NOT AFFECTED
Connector for Salesforce & Confluence Server & Data Center	NOT AFFECTED
Connector for Salesforce and Jira	NOT AFFECTED
Linking for Confluence	NOT AFFECTED
Reporting for Confluence	NOT AFFECTED
Scaffolding Forms & Templates	NOT AFFECTED
Security and Encryption for Confluence	NOT AFFECTED
Visibility for Confluence	NOT AFFECTED

How can I mitigate this exploit?

Ensure all ServiceRocket apps have been updated to the latest or supported version and review Atlassian's announcement for CVE-2022-22965 for more information.

How can I tell if my system has been compromised?

Unfortunately, ServiceRocket cannot confirm if your instance has been compromised. All security compromises are different, and we strongly recommend involving your local security team or a specialist security forensics firm for further investigation.