Main content

Information

Notice of the potential impact of CVE-2022-22963 and Spring4Shell vulnerability CVE-2022-22965 on Ricoh products and services

April 6, 2022
First published: April 6, 2022
Ricoh Company, Limited.

Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for customers around the world.

Ricoh is aware of these vulnerabilities disclosed by VMware.

  • CVE-2022-22963, a remote code execution in Spring Cloud Function by malicious Spring Expression
  • Spring4Shell (CVE-2022-22965), a remote code execution in Spring Framework via Data Binding on Java Development Kit (JDK) version 9 or later

We are working with our security experts to address this as a high-priority issue and are now investigating which products or services may be affected and will publish an advisory for the affected models. As of April 6, we have confirmed that these vulnerabilities do not affect the following main Ricoh products and services.

  • Ricoh Smart Integration (RSI) Platform and its applications
  • RICOH Streamline NX V2, V3
  • Multifunction Printers

As more information becomes available, we will update this web page.


| About Ricoh |

Ricoh is empowering digital workplaces using innovative technologies and services that enable individuals to work smarter from anywhere.

With cultivated knowledge and organizational capabilities nurtured over its 85-years history, Ricoh is a leading provider of digital services and information management, and print and imaging solutions designed to support digital transformation and optimize business performance.

Headquartered in Tokyo, Ricoh Group has major operations throughout the world and its products and services now reach customers in approximately 200 countries and regions. In the financial year ended March 2021, Ricoh Group had worldwide sales of 1,682 billion yen (approx. 15.1 billion USD).

For further information, please visit www.ricoh.com

###

© 2022 RICOH COMPANY, LTD. All rights reserved. All referenced product names are the trademarks of their respective companies.