Apache Commons Text Vulnerability

October 31, 2022

ADP is aware of the Apache Commons Text Vulnerability (Text2Shell).

• CVE-2022-42889

Upon receiving reports regarding this vulnerability, ADP’s Global Security Organization began an investigation to determine any potential impacts to our system. At this time, ADP has determined that none of its systems are exposed to this vulnerability, and no intrusion has occurred. ADP’s layered defense includes technologies and controls to identify and/or prevent these types of threats, including assessing vulnerabilities and applying appropriate protection and detection control updates.

ADP’s Global Security Organization continues to actively monitor this situation as it does with all reported vulnerabilities. Clients are encouraged to visit ADP’s website at www.adp.com/trust to learn more about how ADP protects data, and how clients can help protect themselves.

Protecting our clients and their data from malicious activity is a top priority for ADP.