VRT Zero-day Security Advisory
Fortra Infrastructure Protection brands Digital Defense and Beyond Security are actively monitoring the disclosure of a security issue known as “Spring4Shell” or “SpringShell”, which affects the widely used Spring Framework for Java and has been assigned CVE-2022-22965.
The Spring Framework lets Java developers build applications easily with enterprise-level components. A Remote Code Execution (RCE) vulnerability disclosed in the framework would allow an unauthorized attacker to inject a web shell and remotely execute code on a vulnerable target device.
Applications running on JDK version 9 or later with Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, or older versions are vulnerable.
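An added triage example, not part of the original advisory or of any Fortra tooling: it checks a `java.version` string and a list of jar file names against the affected conditions stated above. The function names, the sample inventory and the choice of Spring module jar names to match are assumptions made for illustration.

```python
import re

# Affected ranges as stated in the advisory: 5.3.0 to 5.3.17, 5.2.0 to 5.2.19,
# and older versions. Maps release line -> highest affected patch level.
AFFECTED_MAX_PATCH = {(5, 3): 17, (5, 2): 19}
# Assumption: the framework version is read from these Spring module jar names.
JAR_RE = re.compile(r"spring-(?:beans|core|web|webmvc|webflux)-(\d+)\.(\d+)\.(\d+)")
# Constructed sample inventory, not taken from a real host.
SAMPLE_JARS = ["spring-beans-5.3.17.jar", "spring-core-5.2.20.RELEASE.jar",
               "spring-web-5.3.18.jar", "spring-webmvc-4.3.30.RELEASE.jar",
               "spring-boot-2.6.5.jar"]


def jdk_major(version: str) -> int:
    """Feature release from a java.version string.

    Handles the legacy scheme ("1.8.0_321" -> 8) as well as the
    current one ("9", "11.0.14", "17.0.2+8" -> 9, 11, 17).
    """
    parts = re.split(r"[._+\-]", version.strip())
    major = int(parts[0])
    return int(parts[1]) if major == 1 and len(parts) > 1 else major


def spring_version(jar_name: str):
    """(major, minor, patch) parsed from a Spring jar name, or None."""
    m = JAR_RE.search(jar_name)
    return tuple(int(g) for g in m.groups()) if m else None


def spring_affected(ver) -> bool:
    """True if the version is inside the advisory's affected ranges."""
    line, patch = ver[:2], ver[2]
    if line in AFFECTED_MAX_PATCH:
        return patch <= AFFECTED_MAX_PATCH[line]
    return line < (5, 2)  # "or older versions"


def triage(java_version: str, jar_names):
    """Jar names meeting both advisory conditions (JDK 9+ and affected Spring)."""
    if jdk_major(java_version) < 9:
        return []
    return [n for n in jar_names
            if (v := spring_version(n)) is not None and spring_affected(v)]


if __name__ == "__main__":
    for java in ("1.8.0_321", "11.0.14"):
        print(java, "->", triage(java, SAMPLE_JARS))
```

The check only sees the names it is given, so libraries packaged inside a fat jar or WAR (for example under `BOOT-INF/lib/` or `WEB-INF/lib/`) have to be listed first.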
You can find patch information here.
The Vulnerability Research Team has updated our scanner with check 148151.
Should you have questions regarding this advisory or require assistance, Fortra VM subscribers can contact their Client Advocate or Personal Security Analyst; beSECURE users can contact Beyond Security Support via Freshdesk.
-Fortra Infrastructure Protection Vulnerability Research