Alert: DocuSign update on Spring4Shell vulnerability
DocuSign has been monitoring its infrastructure and product environments for potential impact from the Spring4Shell vulnerability (CVE-2022-22965) since it became public on March 29. Our dedicated security vulnerability management team is actively investigating affected components, monitoring for affected configurations, and remediating and mitigating impact.
The information regarding this vulnerability is still developing and the attack vectors are continuing to evolve. As such, we will continue to assess new information as it becomes available. Based on our current information:
The DocuSign eSignature service is not affected.
The DocuSign CLM service is not affected.
The DocuSign Insight service is not affected.
The DocuSign Legacy LiveOak service is not affected.
The DocuSign Rooms service is not affected.
The DocuSign Notary service is not affected.
We recommend our customers visit the DocuSign Trust Center (https://www.docusign.com/trust) for any key updates we may share further on this matter.