sk84t (sk84t) asked a question.
Spring4Shell?
Does anyone know if Okta utilizes the SpringCore framework for their SSO product, and if so, are they potentially vulnerable to it? There's been a lot of chatter over the past couple of weeks surrounding this and I haven't seen any official statement from the vendor. In case anyone needs a reference, it's CVE-2022–22965. Note that this is different from the SpringCloud vulnerability (CVE-2022-2296) but we may as well include this in this conversation.
Thanks in advance.
Hi @sk84t (sk84t) , Thank you for reaching out to the Okta Community!
To answer your question, Okta is not impacted. But please refer to our article on the topic for specific details.
https://sec.okta.com/articles/2022/04/oktas-response-cve-2022-22965-spring4shell
Hope this helps!
It definitely does! Thank you!