DigiCert KnowledgeBase - Technical Support-hero

Knowledge Base

DigiCert Java Spring Framework Response

Solution ID : AL010422200001
Last Modified : 10/21/2023

Description

DigiCert is aware of the zero-day exploit affecting the Java Spring Framework disclosed on March 31, 2022. We continue to analyze this vulnerability and its potential impact on our services. At this time, we are not aware of any issue for our customers or services, and all services continue to operate as expected.  
 
Our team of security professionals continues to monitor the overall impact of the Java Spring Framework vulnerabilities (CVE-2022-22965). We will provide new information as it becomes available.

Services status

CertCentral

Services

Impacted/Not affected 

Patch status

Notes

CertCentral API

Not affected

CertCentral console

Not affected

Automation: DigiCert Automation Agent

Not affected

Discovery and Automation: On-premises sensor

Not affected

Discovery and Automation: CertCentral public scan

Not affected

Discovery and Automation:
CertCentral-Discovery as a Service

Not affected

ACME

Not affected

DigiCert Site Seal

Services

Impacted/Not affected 

Patch status

Notes

Site Seal

Not affected

Certificate Issuing Service (CIS)

Services

Impacted/Not affected 

Patch status

Notes

CIS

Not affected

Code Signing Timestamp Service

Services

Impacted/Not affected 

Patch status

Notes

Code Signing Timestamp Service

Not affected

Online Certificate Status Protocol (OCSP)

Services

Impacted/Not affected 

Patch status

Notes

OCSP

Not affected

Certificate Revocation List (CRL) 

Services

Impacted/Not affected 

Patch status

Notes

CRL

Not affected

digicert.com 

Services

Impacted/Not affected 

Patch status

Notes

Website

Not affected

Managed PKI (User Authentication) 

Services

Impacted/Not affected 

Patch status

Notes

PKI Platform 8

Not affected

PKI Platform 8: Web Services (SOAP API)

Not affected

PKI Platform 8: REST API

Not affected

PKI Platform 8: UAA

Not affected

PKI Platform 8:
Enterprise Gateway

Not affected

PKI Platform 8:
Auto Enrollment Server

Not affected

PKI Platform 8:
Local Key Management Server (LKMS)

Not affected

PKI Platform 8:
PKI Client

Not affected

PKI Platform 8:
InTune Import Tool

Not affected

PKI Platform 8:
Enrollment over Secure Transport (EST) Client

Not affected

PKI Platform 8:
Simple Certificate Enrollment Protocol (SCEP) Client

Not affected

PKI Platform 8:
DigiCert Desktop Client

Not affected

PKI Platform 8:
Bulk Export Tool

Not affected

PKI Platform 8:
Enrollment over Secure Transport (EST) Proxy Server 

Not affected

PKI Platform 8:
Simple Certificate Enrollment Protocol (SCEP) Proxy Server

Not affected

PKI Platform 8+: JP Public Retail system (non S/MIME)

Not affected

PKI Platform 7 (Including PC/CLP)

Not affected

PKI Platform 7 (Japan) Plus Japan unique services

Not affected

MPKI 7 Web Service (MWS)

Not affected

MPKI for Smartphone (AKA MPKI for Device)

Not affected

Twin'et 

Not affected

CI+ Platform

Not affected

Online Certificate Status Protocol (OCSP)

Not affected

Certificate Revocation List (CRL)

Not affected

Direct Cert Portal

Services

Impacted/Not affected

Patch status

Notes

Direct Cert Portal API

Not affected

Direct Cert Portal Console

Not affected

DigiCert ONE

Services

Impacted/Not affected

Patch status

Notes

Account Manager

Not affected

CA Manager

Not affected

DigiCert® Trust Lifecycle Manager

Not affected

DigiCert® IoT Trust Manager

Not affected

DigiCert® Software Trust Manager

Not affected

DigiCert® Document Trust Manager

Not affected

Automation Manager

Not affected

Automation Manager, on-premises sensor

Not affected

DigiCert ONE Japan

Services

Impacted/Not affected

Patch status

Notes

Account Manager

Not affected

CA Manager

Not affected

Enterprise PKI Manager

Not affected

IoT Device Manager

Not affected

Secure Software Manager

Not affected

Document Signing Manager

Not affected

Enterprise

Services

Impacted/Not affected

Patch status

Notes

API VICE2

Not affected

DigiCert Gatekeeper Service

Services

Impacted/Not affected

Patch status

Notes

GateKeeper

Not affected

QuoVadis

Services

Impacted/Not affected

Patch status

Notes

DSS-Engine Production

DSS-Engine Staging

Trust/Link

Not affected

SealSign Cloud Production

Not affected

SealSign Cloud Staging

Not affected

QVSS (QuoVadis Signing Service)

QuoVadis Qualified Timestamps

QuoVadis website Netherlands

QuoVadis NOVA System

TL/C Demo

TL/C Prod

PERSS

SixTerravis

Primosign

Not affected

If you discover your systems are affected by Java Spring Framework, DigiCert recommends that you create new keys, request replacement certificates, and revoke any impacted certificates from the compromised systems.

For further questions, contact DigiCert Support

  • DigiCert Logo

    The most-trusted global provider of high-assurance TLS/SSL, PKI, IoT and signing solutions.