Notice of the potential impact of CVE-2022-22963 and Spring4Shell vulnerability CVE-2022-22965 on Ricoh products and services
Ricoh Europe, London, 06 April 2022 - Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for customers around the world.
Ricoh is aware of these vulnerabilities disclosed by VMware.
- CVE-2022-22963, a remote code execution in Spring Cloud Function by malicious Spring Expression
- Spring4Shell (CVE-2022-22965), a remote code execution in Spring Framework via Data Binding on Java Development Kit (JDK) version 9 or later
We are working with our security experts to address this as a high-priority issue and are now investigating which products or services may be affected and will publish an advisory for the affected models. As of April 6, we have confirmed that these vulnerabilities do not affect the following main Ricoh products and services.
- Ricoh Smart Integration (RSI) Platform and its applications
- RICOH Streamline NX V2, V3
- RICOH myPrint
- Multifunction Printers
- SLNX Share
- Certificate Enrolment Service
- Intelligent Barcode Solution
As more information becomes available, we will update this web page.