VRT Zero-day Security Advisory

The HelpSystems Infrastructure Protection brands Digital Defense and Beyond Security are actively monitoring the disclosure of a security issue affecting Spring, a widely used Java framework. The issue, called “Spring4Shell” or “SpringShell”, has been assigned CVE-2022-22965.

The Spring framework allows Java developers to develop Java applications easily with enterprise-level components. A Remote Code Execution (RCE) vulnerability was disclosed in the Spring framework that would allow an unauthorized attacker to inject a web shell to remotely execute code on a vulnerable target device.

Applications running on JDK version 9 or later with Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, or older versions are vulnerable.
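The two conditions above can be checked against deployed archives while no remote test exists. The following is an added example, not code from Digital Defense or Beyond Security: it looks inside a WAR or fat JAR for bundled Spring modules and compares them with the version ranges listed in this advisory. The function names, the module list in the pattern and the sample archive contents are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Spring Framework module jars, e.g. WEB-INF/lib/spring-beans-5.2.19.RELEASE.jar
SPRING_JAR = re.compile(
    r"(?:^|/)spring-(?:beans|core|webmvc|webflux)-(\d+)\.(\d+)\.(\d+)[^/]*\.jar$")

def java_major(version):
    """Major release from a java.version string: '1.8.0_322' -> 8, '11.0.14' -> 11."""
    parts = re.split(r"[._+-]", version)
    return int(parts[1]) if parts[0] == "1" else int(parts[0])

def listed_in_advisory(v):
    """True for 5.3.0-5.3.17, 5.2.0-5.2.19 and anything older, as the advisory states."""
    return v <= (5, 2, 19) or (5, 3, 0) <= v <= (5, 3, 17)

def spring_versions(archive):
    """Versions of Spring modules bundled in a WAR or fat JAR (path or file object)."""
    with zipfile.ZipFile(archive) as zf:
        hits = (SPRING_JAR.search(name) for name in zf.namelist())
        return {tuple(int(x) for x in m.groups()) for m in hits if m}

def assess(archive, java_version):
    """Combine both conditions from the advisory for one deployed archive."""
    major = java_major(java_version)
    listed = sorted(v for v in spring_versions(archive) if listed_in_advisory(v))
    return {"jdk_major": major, "listed_spring": listed,
            "in_scope": major >= 9 and bool(listed)}

def sample_archive(entries):
    """Constructed in-memory archive holding empty files with the given names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in entries:
            zf.writestr(name, b"")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    # Constructed sample inputs, not real deployments.
    war = ["WEB-INF/lib/spring-beans-5.3.17.jar", "WEB-INF/lib/commons-io-2.11.0.jar"]
    boot = ["BOOT-INF/lib/spring-core-5.2.19.RELEASE.jar"]
    print(assess(sample_archive(war), "11.0.14"))
    print(assess(sample_archive(boot), "1.8.0_322"))
```

`in_scope` only reports whether an archive matches both conditions stated here; archives with renamed or shaded jars are not detected by a filename check.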

A patch is not yet available.

The Vulnerability Research Teams are currently evaluating the feasibility of deploying a remote vulnerability test for this condition. VRT is closely following the flaw and will update scanners with tests and checks as soon as they are available.

Should you have questions regarding this advisory or require assistance, Frontline.Cloud subscribers can contact their Client Advocate or Personal Security Analyst; beSECURE users can contact Beyond Security Support via Freshdesk.

-HelpSystems Infrastructure Protection Vulnerability Research 

The post VRT Zero-day Security Advisory appeared first on Digital Defense.

*** This is a Security Bloggers Network syndicated blog from Digital Defense authored by Digital Defense by Fortra. Read the original post at: https://www.digitaldefense.com/resources/vulnerability-research/vrt-zero-day-security-advisory/