Notice of the potential impact of CVE-2022-22963 and Spring4Shell vulnerability CVE-2022-22965 on Ricoh products and services
Last updated: August 9, 2022
First published: April 6, 2022
Ricoh Company, Limited.
Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for customers around the world.
Ricoh is aware of these vulnerabilities disclosed by VMware.
- CVE-2022-22963, a remote code execution in Spring Cloud Function by malicious Spring Expression
- Spring4Shell (CVE-2022-22965), a remote code execution in Spring Framework via Data Binding on Java Development Kit (JDK) version 9 or later
Upon thorough investigations, Ricoh confirmed all products and services that it develops, manufactures, and offers are not impacted by these vulnerabilities, except for Media Management Tool-E. Updated program has been released for these products. Please download the latest firmware from the regional driver download site.
For products and solutions from vendors other than Ricoh, we recommend customers confirm the latest information directly with relevant vendors.
Ricoh is committed to supporting customers across the globe, enabling them to operate Ricoh products equipped with the latest security settings.