CVE-2024-38816: DMC not affected
The Spring project has published a Security Advisory concerning Spring Framework, an open-source library used by INFOMOTION Data Management Center.
Based on our analysis, the relevant vulnerability CVE-2024-38816 does not affect INFOMOTION Data Management Center as long as it is deployed according to specification:
- Our application does not use
RouterFunctions, the vulnerable component of Spring Framework. - DMC deployments are only supported on Tomcat application server,
which by itself mitigates the issue according to the official blog post by the Spring project.
Official Docker images published by INFOMOTION also use Tomcat as an application server, as does the "standalone deployment" available since DMC version 2024.1.
If you have further questions, please create a DMC support ticket via eMail.