The company published a notice of the potential impact of CVE-2022-22963 and Spring4Shell vulnerability CVE-2022-22965 on Ricoh products and services.
Ricoh said it understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for customers around the world.
Ricoh is aware of these vulnerabilities disclosed by VMware:
- CVE-2022-22963, a remote code execution in Spring Cloud Function by malicious Spring Expression
- Spring4Shell (CVE-2022-22965), a remote code execution in Spring Framework via Data Binding on Java Development Kit (JDK) version 9 or later
Ricoh added: “We are working with our security experts to address this as a high-priority issue and are now investigating which products or services may be affected and will publish an advisory for the affected models.
“As of April 6, we have confirmed that these vulnerabilities do not affect the following main Ricoh products and services.”
Affected products are Ricoh Smart Integration (RSI) Platform and its applications, RICOH Streamline NX V2, V3 and multifunction printers.
As more information becomes available, Ricoh said it will update its web page.
