Last updated: Fri 20 May 2022, 4:30pm AEST
A vulnerability has been discovered that affects certain versions of Apache Tomcat, an HTTP web server used by several Objective solutions.
The identified issue presents as a potential race condition when using WebSockets that could result in information disclosure or a Denial-of-Service attack.
More details on the issue are available through CVE-2022-25762.
Please return to this blog post for updates from the Objective Team.
Are my Objective solutions affected?
Since the issue was initially identified, the Objective Product Development Team has been actively investigating the impact of the vulnerability across the entire range of Objective solutions. Each product has been updated with a status, denoting the current state of the investigation and the next steps to be taken.
The following tables will be updated as the status of each investigation changes. Each product is assigned one of these statuses:
- Not Affected: Vulnerability does not affect this product
- Mitigated: Security configuration put in place whilst awaiting a patch
- Mitigation Available: A security configuration is available to be applied
- Patch Pending: Investigation complete. Mitigation in progress
- Patch Applied: Patch has been applied by the Objective Team
- Patch Available: Patch available for customers to install. Contact Objective Support for details
Content Solutions
Product | Status |
Objective ECM 11.1 | Not Affected |
Objective ECM 11.0.x | Not Affected |
Objective ECM 10.x | Not Affected |
Objective Connect | Not Affected |
Objective Connect Link (on-premise) | Not Affected |
Objective Connect Link (cloud) | Not Affected |
Objective Gov365 (on-premise) | Not Affected |
Objective Gov365 (Cloud) | Not Affected |
Objective Redact | Not Affected |
Objective Ministerials | Not Affected |
Objective OpenGov | Not Affected |
RegTech
Product | Status |
Objective RegWorks (cloud) | Not Affected |
Objective RegWorks Mobile | Not Affected |
Objective RegWorks (on-prem) | Not Affected |
Objective RegWorks Mobile (on-prem) | Not Affected |
Objective Reach | Not Affected |
Keystone
Product | Status |
Objective Keystone | Not Affected |
Planning and Building
Product | Status |
Objective Trapeze | Not Affected |
AlphaOne | Not Affected |
GoGet | Not Affected |