Spring4Shell Vulnerabilities (CVE-2022-22963) and (CVE-2022-22965)

VMware announced a vulnerability (CVE-2022-22963) in their Spring Framework on March 29, 2022. The vulnerability is in Spring Cloud Function and allows remote code execution.

A further vulnerability (CVE-2022-22965) was identified on March 31, 2022. It is a remote code execution vulnerability affecting Spring Framework and Spring Boot data binding when running on Java 9 or above.

UniGW uses the Spring Framework within Tomcat; however, the vulnerable calls are not used. Customers who wish to ensure total mitigation against the vulnerability regardless of this reassurance are recommended to upgrade Tomcat to 9.0.62 or later.

We are pleased to state that no further UNICOM products are affected by this vulnerability.

Apache Log4j vulnerability (CVE-2021-44228)

Apache published a critical vulnerability in the Apache Log4j Java library on December 6, 2021. This vulnerability allows an attacker who can control log messages or log message parameters to execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

A small number of UNICOM products are affected:

  • UNICOM Digital Transformation Toolkit (UDTT) versions 10.0 to 10.2

On December 17, 2021, Apache published a new Log4j vulnerability (CVE-2021-45105). This vulnerability affects the same identified products.

Resolutions are available for all versions. A UNICOM technical support representative will be in touch shortly to provide detailed instructions if you are affected. Alternatively, please email us at

There are also a small number of Macro 4 products affected. For details, please see this page on the website for the Macro 4 division.

UNICOM Systems' standard policy is to provide technical support for its software products from 6 AM to 5 PM Pacific Time, Monday through Friday except holidays. At an additional cost, UNICOM provides Extended Technical Support and Professional Services outside of our normal technical support hours. Please contact your UNICOM client services representative for availability and rates.

Please click on the correct product portal link to submit a technical support request.
If you have a critical (severity 1) issue please call the technical support number provided by your customer support representative.

