2nd update – 11 April 2022
this Ysoft-webpage
YSoft SAFEQ SPRING4SHELL VULNERABILITY
Applications
Office Printing
Professional Printing
1st update – 6 April 202
Konica Minolta has been made aware of two critical vulnerabilities with the highest risk rating affecting certain applications and services.
The threats are the remote code execution vulnerabilities Spring4Shell – Spring Core RCE (CVE-2022-22965) and Spring Cloud Function RCE (CVE-2022-22963).
CVE-2022-22965 (Spring4Shell) is found in the Spring Core Framework and was observed and confirmed at the end of March of 2022. Spring Framework is an open-source application framework, used for the development of Java-based applications, essentially aiming to help developers build applications more quickly. If exploited, this vulnerability can enable remote code execution (RCE) attacks, but it appears to be largely at the proof-of-concept stage right now for specific Spring Framework implementations.
CVE-2022-22963 (Spring Cloud Function RCE) was also observed and confirmed at the end of March 2022 and affects Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions. When the routing functionality is used, a user can provide a specially crafted SpEL expression as a routing-expression, which may result in remote code execution and access to local resources.
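As an added example (not Konica Minolta's or any vendor's tooling), the following sketch shows one way to inventory a Java archive for Spring Cloud Function libraries in the version range stated above for CVE-2022-22963. The sample archive and its entry names are constructed for illustration, and matching on jar file names is an assumption about how the libraries are packaged.

```python
import io
import re
import zipfile

# Matches the library jar inside a Spring Boot fat jar or a plain lib directory,
# e.g. BOOT-INF/lib/spring-cloud-function-context-3.2.2.jar
JAR_RE = re.compile(
    r"(?:^|/)spring-cloud-function-(?:context|core)-(\d+)\.(\d+)\.(\d+)[^/]*\.jar$"
)

def in_stated_range(version):
    """True if (major, minor, patch) is in the range the advisory states:
    3.1.6, 3.2.2 and older versions."""
    if version[:2] == (3, 2):
        return version <= (3, 2, 2)
    return version <= (3, 1, 6)

def scan_archive(data):
    """Return sorted [(entry, version, affected)] for matching entries in a zip/jar."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            m = JAR_RE.search(name)
            if m:
                version = tuple(int(g) for g in m.groups())
                findings.append((name, version, in_stated_range(version)))
    return sorted(findings)

def build_sample_jar(entries):
    """Constructed sample input: an in-memory archive with empty entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in entries:
            zf.writestr(name, b"")
    return buf.getvalue()

SAMPLE = build_sample_jar([
    "BOOT-INF/lib/spring-cloud-function-context-3.2.2.jar",
    "BOOT-INF/lib/spring-cloud-function-core-3.2.3.jar",
    "BOOT-INF/lib/spring-cloud-function-context-3.0.9.RELEASE.jar",
    "BOOT-INF/lib/spring-core-5.3.17.jar",
])

if __name__ == "__main__":
    for entry, version, affected in scan_archive(SAMPLE):
        status = "IN STATED RANGE" if affected else "outside stated range"
        print(f"{entry}: {'.'.join(map(str, version))} -> {status}")
```

A hit only shows that the library is present in a listed version; whether the routing functionality is actually enabled and reachable still has to be checked per application.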
Since this is still an early stage for both vulnerabilities, we do not yet have a list of affected applications/offerings from Konica Minolta for you. We are currently evaluating which versions of which offered applications are affected and if so, how to remedy the vulnerability.
For Konica Minolta, the security of our devices, applications, and services is of the highest concern. We are working on resolving the topic with the highest priority and speed and will provide regular updates.
- EveryonePrint Hybrid Cloud Platform (HCP)
- EveryonePrint (Mobile Print)
- KM Mobile Print
- ColorCentro
- Fleet RMM
- Remote Deployment Tool (RDT)
- CS Remote Care (CSRC)
- Net Care Device Manager (NCDM)
- Remote Service Platform (RSP)
- Dispatcher Phoenix
- Document Navigator
- dokoni FIND
- M-Files
- dokoni FIND
- Workplace Pure
- Konica Minolta MarketPlace
- bEST Guard
- Shield Guard
- PlanetPress
- OL Connect (version 2018.1 or later)
- PrintShop Mail Connect (version 2018.1 or later)
- PlanetPress Connect (version 2018 or later)
- PReS Connect (version 2018 or later)
- bizhub 423/363/283/223
- bizhub 652/552/602/502
- bizhub 754/654/754e/654e
- bizhub 554/454/364/284/224/554e/454e/364e/284e/224e
- bizhub 958/808/758, bizhub PRO 958
- bizhub 558/458/368/308
- bizhub 658e/558e/458e/368e/308e
- bizhub 367/287/227
- bizhub 750i
- bizhub 650i/550i/450i/360i/300i
- bizhub 306i/266i/246i/226i
- bizhub 246/226/206
- bizhub 225i/205i
- bizhub 185e/165e
- bizhub 185en/165en
- bizhub 306/266
- bizhub C360/C280/C220
- bizhub C652/C652DS/C552/C552DS/C452
- bizhub C754/C654/C754e/C654e
- bizhub C554/C454/C364/C284/C224/C554e/C454e/C364e/C284e/C224e
- bizhub C281/C221/C221s
- bizhub C658/C558/C458
- bizhub C368/C308/C258
- bizhub C287/C227
- bizhub C759/C659
- bizhub C286/C226
- bizhub C360i/C300i/C250i
- bizhub C650i/C550i/C450i
- bizhub C750i
- bizhub C287i/C257i/C227i/C266i/C256i/C226i