Is Sterling Order Management affected by Spring vulnerability CVE-2022-22963?
IBM is aware of a recently surfaced vulnerability CVE-2022-22963 and has evaluated whether any Sterling Order Management applications are affected. The following is a summary of our evaluation:
Component | Spring version used | Impacted by CVE-2022-22963 | Immediate Mitigation Plan | Latest Status
---|---|---|---|---
Sterling Order Management SaaS, On-prem and Certified Containers (including Store Engagement & Call Center) | Not used | No | N/A | Not vulnerable
Inventory Visibility Microservice | Not used | No | N/A | Not vulnerable
Intelligent Promising Microservice | Not used | No | N/A | Not vulnerable
OMS Data Exchange Service | Not used | No | N/A | Not vulnerable
Store Inventory Management Microservice | Not used | No | N/A | Not vulnerable
Order Hub | Not used | No | N/A | Not vulnerable
Sterling Fulfillment Optimizer | Not used | No | N/A | Not vulnerable
Configure, Price, Quote (CPQ): Omni-Configurator and Visual Modeler | Not used | No | N/A | Not vulnerable
Configure, Price, Quote (CPQ): Field Sales | Not used | No | N/A | Not vulnerable
CVE-2022-22963 - National Vulnerability Database
CVE-2022-22963: Spring Framework RCE via Data Binding on JDK 9+ - vmware.com
| CPE | Name | Operator | Version |
|---|---|---|---|
| | sterling order management | eq | any |