This announcement is in regard to the vulnerability mentioned in CVE-2022-22965, the Spring Framework RCE via Data Binding on JDK 9+
IR360 6.0 and earlier versions run on JDK 8, so Infrared360 is not affected in these versions (v5.9.x or v6.0.x).
If you are running v6.5, please contact tech support for an update to the Tomcat Jars - or a new Tomcat version in order to correct this vulnerability.
Monday, April 18, 2022