Hi Tiago,
Thanks for the question!
I've asked for an initial analysis from our Security expert, but we'll continue looking into this. However, so far I would say that if you are following AtoM's recommended installation instructions, this vulnerability should not impact AtoM. We do not use the Spring framework in AtoM, and we do not recommend Apache Tomcat for use as an application server (another prerequisite for the vulnerability).
As I said, we'll continue monitoring this, since AtoM does require Java to support Elasticsearch, but as of now there is no impact from Spring4Shell.
Cheers,