Published Apr 4, 2022
Celigo’s Products Are Not Affected by the VMWare Spring4Shell, or Spring Framework Cloud Vulnerability
We know many customers and prospects are concerned about the recent Spring4Shell vulnerability – CVE-2022-22965. The Celigo team has taken this very seriously and initiated an investigation into the possible impact as soon as the Spring4Shell vulnerability was made public.
Celigo’s security and engineering teams have thoroughly investigated, and for the infrastructure we control directly, Celigo’s products are NOT affected as we do not use Spring4Shell for either Integrator IO (and all integration flows), or CloudExtend.
Rest assured, Celigo takes security seriously, and we have a comprehensive vulnerability management program that includes quarterly vulnerability scans, annual penetration testing, and monitoring for emerging vulnerabilities like this one for Spring4Shell.
We appreciate your concern for data security and take our role as a steward of your data very seriously. We will continue to monitor for any new developments regarding this vulnerability, and will follow this message with updates as needed.